A client’s ticket said that she couldn’t access her WordPress admin panel (domain.tld/wp-admin), as it was giving her a 500 error. Unfortunately, this is a generic error that could be caused by anything. Our Support Team was seeing this error as well. Here are the steps I took to fix the issue:
Common causes and steps to fix
There are many articles about how to access wp-admin like this and this. These articles helped us see if the following caused the 500 error on wp-admin:
- Bad plugin(s)
- Corrupted .htaccess file
- Corrupted wp-admin and wp-includes folders
- PHP version incompatibility
- Low memory limit in php.ini
With the common causes in our sights, I attempted to fix the issue by:
- Deactivating plugins through cPanel to check if one of them is the cause.
- Deactivating .htaccess files throughout folders to see if any of them caused the issue, as sometimes there’s code that prevents people from logging in based on IP.
- Uploading fresh wp-admin and wp-includes in case the originals were corrupted.
- Rolling back the PHP version, just in case it caused the issue.
- Increasing memory limit in php.ini
None of them fixed the issue. Neither Support nor customer was able to access wp-admin without the 500 error.
wp-config.php file
Soon after, I noticed that the wp-config.php file was 0KB in size. Sure enough, it was empty. Why would the contents of the file be gone? Some reasons:
- Plugin or theme updates that failed to complete properly
- User with access to the file accidentally erasing the contents
- Site might be compromised
To fix this, I did the following:
- Restored a backup of the site with the wp-config.php file intact.
- Moved wp-config.php above the root folder to increase security.
- Blocked suspicious IP addresses that have been visiting the login page.
- Updated all the plugins and themes within WordPress and installed the free version of Wordfence so it could do a site scan.
Finishing it off
I don’t sugarcoat or hide anything from the client, so I let them know what we did to help them. I also let the client know that the scan showed that a plugin was abandoned, meaning it hasn’t been updated in a long time. This could be a security concern, as the plugin isn’t up to the current WordPress standards. I advised her to let her web developer know, so they might be able to suggest a more up-to-date alternative. In the end, she could access the WordPress Dashboard and complete her tasks. Happy customers make me happy.