How to fix a WordPress website

Last October, my friend Virginie called me in a panic on the weekend. Her cooking recipes website, La Cuisine de Micheline was down! Here’s how I helped her bring it back online.

She updated WordPress through the admin interface and when it was done, She told me she tried to fix it by reading different tutorials but couldn’t figure out how to follow the steps correctly as she’s not a developer, so here I come.

Last time I worked on a WordPress site was seven years ago (a lifetime in terms of web development), and I was never an expert on it. Fortunately, I learn a few things about CMS from my experience that can save your life:

Most of them are written in PHP

Like it or not, having some PHP knowledge, especially around debugging it, is a must-have.

Beware the default configuration

Compared to NodeJS or Golang not requiring an HTTP front server like Nginx, PHP is always bundled with one (commonly Apache). The configuration is shared across the whole stack, and it involves different files: php.ini, httpd.conf, Etc. Settings can be overwritten at the directory level with a .htaccess file and the default configuration may not be changed (or even visible) depending on your hoster.

Plugins are great, plugins are evil

WordPress, Joomla, Drupal, Wikimedia, Discourse have a huge ecosystem of add-ons to extend the features of your website. The problem is that many of them aren’t maintained, not compatible with your CMS version, poorly written (they may have side effects that break other plugins) or even worse, take advantage of your website (many WordPress themes were sending users data to 3rd party servers without disclosing it). Install them at your own risks!

Backup, always backup

I can’t even stress this much. Please backup your website constantly. If you can do that automatically regularly (daily or weekly), please do it. The one thing to remember though, is that not only the database needs to be saved, all the files on the FTP side too, as this is where your CMS store your uploads like image posts.

Cache can bite you back

PHP is running on a CGI system, meaning it’s going through your whole script file (or files in case of an extensive system like a CMS) for each HTTP request. You don’t have to restart your servers like with Python, Java or NodeJS. However, performance isn’t high because, in the case of WordPress, it can be hundreds of files that he has to go through to respond to each request. To enhance performances, most PHP frameworks come with a caching system where rendered pages (or partial pieces of them) are stored in plain HTML files (Redis or Memcached didn’t exist at that time, and most mutual hosters don’t propose them). The issue though is that your website might show a broken page, even though you already fix the problem.

PHP 5 is dead

PHP 7 was announced in 2012 and released in 2015. PHP 5 is deprecated since 2016, but still, 5.3% of websites are still running on it. It was the case of my friend’s website but wasn’t the cause of this meltdown. Still, as PHP 7 is getting new features, PHP 5 won’t be able to run your favourite CMS forever. More importantly, it’s not getting any security updates, which should scare you already.

In the case of my friend’s website, every page was completely white with no content. For security reasons, most hosting platforms hide critical PHP errors when the page is broken to avoid leaking confidential information like MySQL credentials. In that case, a blank page is displayed instead. On top of that, Wordpress debug mode disabled by default, so it’s not easy to figure out what’s the issue.


I downloaded her entire website through FTP as a backup. I used Transmit on Mac, and it’s a great tool ($49). Make sure you have a good connection and set the maximum parallel transfers to 10 or 20 as most files are PHP and aren’t bigger than 20 KB. I also exported her MySQL database (articles and comments are stored there).

Enable developer mode

I edited the wp-config.php file on the root directory of my friend’s website to enable WordPress to debug and disabled caching. At the end of the file, you should find this line:

set('WP_DEBUG', false);
set('WP_CACHE', true);

You have to change it to:

set('WP_DEBUG', true);
set('WP_CACHE', false);

Upload back the file through your FTP client.

Hide the plugins

I renamed her plugins folder in wp-content to plugins.old, a different name to trigger some errors display. I checked the website, and the page wasn’t fully rendered, but I could see some errors displayed that helped me figure out what was the issue. In her case, one cache plugin was requiring some missing dependencies.

Beware of side effects

It wasn’t still clear if there were more than one plugin causing troubles, I started to move back each plugin, one folder at a time until the page was blank again. Fortunately, that cache plugin was the only issue.

Spring cleaning

I was able to log in into the admin interface and enable only the required plugins. As not everyone is checking the code behind plugins or themes, it’s the time to spring cleaning, remove unneeded dependencies and update the ones which are out of date.

Clean the cache

If you have a cache folder in your root directory, remove it. It forces WordPress to rerender all your website pages once you enabled back caching (don’t forget to do it).

Wrapping up

Before finishing up, I updated her website to the last version of PHP and made sure it didn’t have a conflict with any of its plugins nor themes. In retrospect, I should have emulated a similar environment as her hosting one on my computer and fix it directly there as it would have been faster and safer to enable the PHP to debug mode. She was stressed, and I didn’t have the right tools.

As a lesson for developers, be careful whenever you use a new tool within your infrastructure. Not having the right platform skills whenever you have a problem can result in a severe business meltdown. Wordpress is commonly criticised for its security (it’s a 3rd party plugin or themes issue) but as a blogging platform, it’s the most advanced and famous in the open source, I would still definitely recommend it for everyone.

Any thoughts or comments? Ping me on Twitter @yrezgui