WP Defender PHP Execution Problems??

OK, I should let you know how this problem all began because I'm not sure where the issue lies at this point. The styling on one of my sub sites became distorted. I though there may be a plugin conflict, but upon disabling plugins I didn't see any change regarding the problem.

I then tried to reupload the theme and that did nothing. I went to the theme developer to see if there was a newer version and there was not. He took a look at this issue for me and found that the style.php file was not a readable file. In fact, when he tried to visit the site, it gave a 403 error. I reviewed people's sites who had a similar theme and when I went to the directory that contained the style.php file, I was able to see it just fine. But mine had the 403 error.

So I went to my hosting company (at the direction of the Theme developer) and told them that although the permissions for the file were set at 755, the file was not readable like other sites.

They looked into it and here is what they said:


## WP Defender - Prevent PHP Execution ##
<Files *.php>
Order allow,deny
Deny from all

This code denies the access to all the PHP files in the directory wp-content and all subdirectories recursively.

I have renamed the file .htaccess-BLOCK and I was able to access the file:

curl -I http://hotmommadesignz.com/wp-content/themes/FlowAway/style.php
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Sep 2016 01:45:20 GMT
Content-Type: text/css
Connection: keep-alive
Vary: Cookie
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=d2a3afi1gdqop049v7bip45kk0; path=/
Host-Header: 192fc2e7e50945beb8231a492d6a8024

Please check the results and let me know if you need further assistance.

So when I went to visit the link, I noticed that I no longer got the 403 error and that the file was readable. I thought the issue might be resolved, but the style of the site is still looking distorted.

Also, I wanted to see what I could do to still use php execution, but to also ensure it doesn't deny critical files that I need to run my sites. I'm also not sure if WP Defender has written code into any other files that may be causing my sub site problems. I know when I disabled the plugin, the results were still the same, but again I'm not sure it there was still coding in place that would cause a problem with my styling...