Today, a DDoS attack happened to one of my WordPress sites, and as a result, all the sites on my DigitalOcean droplet were affected. I had to enable "under attack mode" in Cloudflare, and now my server is fine.
However, I am now facing an issue where URLs with ".php" extensions are not behaving as expected on all WordPress websites hosted on the server. I have tried directly accessing a .php file on the server (e.g., example.com/test.php), but it consistently loads the home page instead. Strangely, when I tried accessing a .html or .txt file directly, they are accessible.
Additionally, when attempting to access the admin panel, I receive a "403 Forbidden You don't have permission to access this resource" error.
I want to note that I have not made any recent changes on any of the websites.
To troubleshoot the issue, I have already taken the following steps:
- Disabled all plugins.
- Enabled debug mode.
- Paused Cloudflare.
- Cleared all cache.
- Checked file and directory permissions.
- Deleted and restored the .htaccess file.
Despite these efforts, the problem persists. I am concerned about the security and functionality of my websites. Any further advice or assistance would be greatly appreciated. Thank you.