Have you ever had a WordPress security situation where your website presents a white screen? No error message displayed. no clue, just a white screen. This is called the white screen of death. It is caused mainly by plugin vulnerabilities, poor theme coding and some other causes. We will, in this post, look at the four most common causes of the WordPress white screen of death and suggest ways of resolving the issues.
First things first. The White Screen of Death (WSOD) is an anomaly which stems from a host of different issues. You could just find your issue falling under the common symptoms - for which ready-made fixes are available. However, if you can't determine the cause of the problem, then you're better off at the hands of a WordPress expert. But if you can carefully follow the recommended steps to get a fix. It's not so difficult in most cases.
Common Causes and Solutions to the WordPress White Screen of Death
Most often, the cause of the WSOD falls under three general categories. It is rare for your WSOD problem to fall under a category that will really be tough for you to handle. This tutorial outlines simple, and easy to follow steps to fix each of the causes for WordPress White Screen of Death.
1. Plugin Related Issues
You installed a new plugin, updated an old one or tried to modify an active one.
In most WSOD cases, there could be a conflict between your current active theme and the plugin you just installed. In such cases, you could simply disable that particular plugin and everything starts working just fine. However, there is a problem.
The challenge you could face will be how to disable the plugin when your WordPress dashboard isn't working.
You will use an FTP software to identify and fix the problem in such a case.
How to Disable WordPress Plugin via FTP
Disabling a WordPress plugin via FTP is very simple task. As a prerequisite, you must have FTP access, with the correct permissions to your WordPress directory.
On Todhost, you can access your files online using the filemanager. Most hosting providers give you FTP access. However, if you've installed WordPress on a VPS or a cloud server, there is a chance that you haven't installed an FTP server in your VPS. In such a situation, you will need to install an open-source FTP client such as proftpd or vsftp.
Once you have that step cleared, it's time to disable the plugin.
- Login to your FTP server a proper account
- Navigate to your WordPress installation directory
- Enter the the wp_content/plugins folder
- You'll find multiple folders with familiar names inside the plugins folder. Each folder represents a plugin.
- Find and select the folder with the correct plugin name
- Rename it to a different yet recognizable name.
- You're free to choose any name you want. Just make sure that it doesn't collide with another plugin's name and is later recognizable.
- Renaming the folder will permanently disable the plugin.
Once you've completed these steps, check up your browser and see if the site loads. If the problem is solved - then, that was the problem.
Further reading: WordPress Security Plugins
How to Disable All WordPress Plugins at Once
You can follow the above process to disable as many plugins as you want. However, if you want to disable all plugins at one go, then this would take a lot of time. There's a much easier way - rename the plugins folder (to something like plugins_old) and create a new, empty folder labelled plugins. In essence, this would disable all the old plugins in one go. You can move the plugins one by one from the plugins_old folder to plugins, and activate them individually.
When you've modified a particular plugin file which caused the WSOD, then simply disable the plugin via FTP and the site should be working again. It is always a good practice to test modified plugins on a backup site. (Jump to the conclusion for a solution).
2: Theme Related Issues
Similar to plugins, theme related WSOD problems have similar origins. The fix is to disable the theme. The related issues can be caused by:
a. New Theme Installations
Installing a new theme could create a conflict with an existing plugin the classic theme-plugin conflict. In such a case, you simply need to disable the newly activated theme and WordPress would automatically revert to its default theme. Make sure you haven't deleted the default theme. If you have, upload the theme to the themes folder in wp_content.
How to Disable a Theme via FTP in WordPress
This process is almost similar to the process of disabling a plugin, the only difference being that you need to open the wp_content/themes folder instead of the plugins folder. Navigate to the themes folder and rename the specific theme's folder to deactivate it.
Poorly Coded Themes
Many times, major WordPress updates could drive poorly coded themes down the river. A poorly coded and outdated theme might not work with the latest update of WordPress.
If your theme has stopped working right after you updated WordPress, there's a strong chance that the theme is the culprit. In that case, deactivate the theme and things should go back to normal.
Modifying a Theme
WordPress relies on a set of well-constructed objects of code, working in harmony. If one of those parts, say the theme's functions.php file, malfunctions, then WordPress will not work. This leads to the WSOD.
Usually, themes from the WordPress repository or reputed developers are meticulously tested against such defects. A theme straight out of the box would not have a malfunctioning functions.php file. If you get a WSOD when you install such a theme, it's most probably a plugin-theme conflict.
When you modify or update a theme, it could lead to improper code, which drives us to the heart of the problem, i.e. a WSOD. In order to fix this, you could replace the modified file with an old copy. That will be if you have kept a backup. Alternatively, you could upload the original theme files.
3: Exceeding the Memory Limit
This situation is a classic indicator that you've outgrown your current hosting provider. The amount of traffic in your website requires more resources - which your current host cannot provide. It's time for an upgrade. That's good news - your site's growing.
The fix will be to simply Increase your memory limit.
You could try increasing your PHP memory limit by modifying the wp-config.php file. Simply add the following line:
WP_MEMORY_LIMIT = 64MB
A memory limit of 64MB should be sufficient on shared hosts. If the problem still persists, you should consult your hosting provider.
This problem is also common in cheap webhosts that sacrifice quality. In order to make a profit, these hosts cramp in as many customers in one server as possible. As a result, the amount of resources (for example, RAM) per client is significantly reduced. This leads to the WSOD. So if you are on a budget hosting plan that won't allow you to increase your memory limit any more, you're going to have to upgrade your plan.
4: Unknown Causes
Sometimes, the WSOD cause cannot be quite determined, which leads us into a fix. In times like these, you will need to determine the source of the problem.
Fix: Enable the WP_DEBUG mode
Simply add the following lines at the bottom of the wp-config.php file:
define( WP_DEBUG, true)
This tells WordPress to display all the errors that take place on the output screen. You can use this information to determine the cause of the WSOD.
Now you know how to fix this problem. Any idea useful to this problem? Share with us in the comment box.
Website Security: Basic Steps to Take and Stay Protected
Attaining a truly safe and secure website had been a controversial topic and many experts believe there is truly nothing like a hack-proof website. To them, it is only a matter of time before the attackers get you. A number of steps had been recommended, prominent among them is to keep your website updated to prevent any form of hack.
The fact to bear in mind is that no matter how safe you think the website is, there is always someone trying to break into it. Whether it's to distribute spam from your site or to steal personal information, hackers and bots continuously smash against your security protocols. Unfortunately, some of these attempts may gain a foothold of your digital business.
The question of what can be done to make yourself truly unhackable should interest everyone. But that really depends on the type of website you're operating. Regardless of what your site focuses on, you should implement strong online protection to reduce the risks. These steps will ensure strong protection. A strong protection policy will guard against some common exploitation especially in regard to outdated plugin and components.
1. Use HTTPS Domains
A secure socket layer can make sure that the information traveling from your site goes directly to the person accessing it. These secured websites are often identified by the HTTPS in front of the domain name. This denotes the site is secured through encryption and is next to impossible to intercept. With SSL, you build customer confidence
Encrypting the information sent to your visitors eliminates the risk of compromised data transfers. This keeps information safe from snooping while reducing the risks of stealing login credentials. In this environment, by using an SSL on your site, you are helping yourself as well as those who visit your website.
NOTE: Using the HTTPS solution for domains doesn't mean that you are hack-proofing your website. In fact, these focus more on encrypting data transfers from your pages to the visitor. However, it does prevent others from spying on that data transmission and accessing the visitor's login credentials. This information could be used to gain access to the site in order to find other exploits. It's like putting a curtain around an ATM machine. This would give privacy as well as stop someone from looking over a person's shoulder to see the pin code.'
'2. Index Pages In All Folders
'Folders that do not have an index.html page will display contents such as other folders and file systems. This will show the average visitor what exactly is in your website's structure. If you're trying to hide an admin folder or other piece of information, these areas can give hackers a way to identify access points.
This is an easy hole to plug for the most part. A blank index.html will prevent browsers from stumbling across a folder without a page. You will want to check all of your folders to make sure there is a index available. If there isn't one, you can create this using text editor software such as Notepad. Save a blank document as "index.html" and upload it to the folder in question.
Most attacks are performed on those who are easy targets. Unless you operate a high-risk or very public website, most hackers will quickly give up on something that shows any kind of a resistance. Although this measure won't absolutely stop those who are determined to access your site, it does act as a deterrent. It's a bit like posting a sign in your lawn that says your home is being monitored. Most criminals will move on because the risk is too great for an unknown reward.
3. Routine Tests for Vulnerabilities
The more popular your website becomes, the greater the threat could be for security. By using a cyber-security organization or even security plugins to test your site's functionality, you can address exploits quickly. Usually, these companies and plugins have extensive tools and capabilities that are used to test the limits of your website. When considering the alternatives, having security measures such as these can be enlightening for finding its week points.
An extremely useful procedure is that of penetration analytics. Essentially, you'll hire a cyber security company or use high-end software with the sole purpose of hacking your own site. Since you're in control during this procedure, there is less of a threat when discovering the holes in security. The resulting reports will show you the weak spots in your site and how to seal them up.
Validate All Code
4. Deny Access Through .htaccess
This had been one of the strongest approach to website security. The .htaccess file can be used to help eliminate access to your login page from any IP address other than your own. Although there are ways to circumvent this measure, it's still a very useful stopgap to prevent those looking for an easy target. This kind of a method is ideal for websites that use WordPress or other content management system. You can edit the .htaccess file with Notepad or use your online editing system such as that provided by cPanel. In the .htaccess file located in your admin folder, enter in the following:
order deny, allow
deny from all
allow from XXX.XXX.XXX.XXX
In place of the X's, use the IP address that is assigned to you by your Internet service provider. In the event you have others working on the site with you, simply add another "allow from" line under the first with their IP addresses as well.
The downside to this method is that you must keep it updated should your IP address change. Not everyone pays for a static IP address, and many ISPs will change the number you use once every eight days or so. One way to get around this problem is to only input the first two series of the IP address. For example, 123.456. This will allow you to continue accessing those pages from that specific ISP. You can use this method to protect your folders/directories by adding the code above in all folders. Remember that you have to create the .htaccess file before adding the above restriction through the htaccess file.
Should I Worry About DDoS and DoS Attacks?
Denial of service attacks are extremely difficult to stop. The purpose of these assaults is to prevent others from accessing your website by bombarding it with fake traffic. Luckily, these kinds of attacks are not meant to hack your site or steal data. However, it can be frustrating to be targeted as it could drive the productivity of the site to a standstill. Many security measures are already put into place by your web hosting provider to address DOS and DDOS attacks. Unfortunately, DDoS and DoS attacks are next to impossible to prevent simply because the nature of changing IP addresses from the attacker or attackers but most web hosts have an internal system to prevent DOS and DDOS.
Although there is truly nothing that is 100 percent hack-proof, the methods mentioned here can greatly reduce the risk to your site. As long as you remain vigilant about protecting the data of visitors and staff, you can remain ahead of some of the most potent hacks out there. Make sure you keep your proverbial doors and windows locked and secured on your digital space.