How to fix WordPress admin panel issue if you’ve tried everything

A client’s ticket said that she couldn’t access her WordPress admin panel (domain.tld/wp-admin), as it was giving her a 500 error. Unfortunately, this is a generic error that could be caused by anything. Our Support Team was seeing this error as well. Here are the steps I took to fix the issue:

Common causes and steps to fix

There are many articles about how to access wp-admin like this and this. These articles helped us see if the following caused the 500 error on wp-admin:

  • Bad plugin(s)
  • Corrupted .htaccess file
  • Corrupted wp-admin and wp-includes folders
  • PHP version incompatibility
  • Low memory limit in php.ini

With the common causes in our sights, I attempted to fix the issue by:

  • Deactivating plugins through cPanel to check if one of them is the cause.
  • Deactivating .htaccess files throughout folders to see if any of them caused the issue, as sometimes there’s code that prevents people from logging in based on IP.
  • Uploading fresh wp-admin and wp-includes in case the originals were corrupted.
  • Rolling back the PHP version, just in case it caused the issue.
  • Increasing memory limit in php.ini

None of them fixed the issue. Neither Support nor customer was able to access wp-admin without the 500 error.

wp-config.php file

Soon after, I noticed that the wp-config.php file was 0KB in size. Sure enough, it was empty. Why would the contents of the file be gone? Some reasons:

  • Plugin or theme updates that failed to complete properly
  • User with access to the file accidentally erasing the contents
  • Site might be compromised

To fix this, I did the following:

  1. Restored a backup of the site with the wp-config.php file intact.
  2. Moved wp-config.php above the root folder to increase security.
  3. Blocked suspicious IP addresses that have been visiting the login page.
  4. Updated all the plugins and themes within WordPress and installed the free version of Wordfence so it could do a site scan.

Finishing it off

I don’t sugarcoat or hide anything from the client, so I let them know what we did to help them. I also let the client know that the scan showed that a plugin was abandoned, meaning it hasn’t been updated in a long time. This could be a security concern, as the plugin isn’t up to the current WordPress standards. I advised her to let her web developer know, so they might be able to suggest a more up-to-date alternative. In the end, she could access the WordPress Dashboard and complete her tasks. Happy customers make me happy.