• The ﬁrst step when faced with the WSOD is to check
your error logs. These usually provide helpful insights
to where the issue is coming from.
• They are usually accessible via FTP - in most cases
you can ﬁnd error logs stored in a folder just below your
site’s root directory.
• Example log entry:
Searching Error Logs
How do I ﬁx a plugin issue?
• Check for updates - updates may have been made to
ﬁx some plugin issues you may be having.
• Disable the plugin - disabling plugins with coding errors
in them usually ﬁxes the problem, from there it may be
worth re-installing the plugin.
• In case of WSOD where there is no access to the
WordPress admin panel - you want to know how to
safely remove the plugin.
Safely disable plugins
Disable a plugin by renaming it via FTP / File Manager:
Disable a plugin via WP-CLI:
wp plugin deactivate plugin-name --skip-plugins
Changing your theme FTP / File Manager:
If you rename your theme via FTP this will disable the theme - but it will
cause your site to display a white screen on all pages except the wp-
admin section. You can go directly to the wp-admin section and enable a
safe theme after doing this.
Changing your theme via WP-CLI:
wp theme activate theme-name --skip-themes
Memory issues are commonly caused because a theme
needs more memory than WordPress has allocated to it.
To ﬁx this you need to allocate more memory to
WordPress. You can add this line to your wp-conﬁg.php:
Depending on your hosting set up this value may need to
be stored elsewhere - ask your host if you are unsure!
an open source (GPL) anti-virus engine which
includes command line scanning to check ﬁles and
folders for issues.
WP-CLI allows us to scan the WordPress core feels for changes - the vast majority of
WordPress sites should not need any changes making to their core ﬁles. This is a good
indication of an issue.
wp core verify-checksums
Some quick checks if you suspect an issue:
Creating a clean WordPress Install
1. Use the WordPress Export tool to create a copy of
your custom content - your posts, pages, comments,
meta data and media. This will store the content in
a .XML ﬁle for later import.
2. Create a brand new WordPress installation - new
database, users and no theme/plugins.
3. Create your users - they are not backed up.
4. Run the import tool from within WordPress - this will
restore your custom content on to the new site.
5. You will then be given the option to assign imported
authors to existing authors on your website.
6. Re-install your plugins and theme
from the WordPress repository.
WPScan is a command line tool you can install on your server which scans
WordPress websites for known vulnerabilities, as well as offering advice on
how you can make security improvements to your WordPress install.
Changing your user’s passwords
1. Login to the WordPress admin dashboard
2. Select ‘Users’ then ‘All Users’ from the side
3. Click on the username you wish to edit.
4. Scroll down to ‘Account Management’ to set
a new password, change it, and hit ‘Update
Preventing spam comments
WordPress sites are victim to a lot of spam commenters. There
are many ways to prevent and reduce the number of
comments you are getting.
Installing a plugin to tackle the spam comments is
There are many spam protection plugins to choose from:
• SI Captcha Spam
• Tick Captcha
• WP Spam IP
[06-Sep-2016 19:58:10 UTC] PHP Notice: Trying to get property of non-object in /var/
Sometimes you will encounter issues where your error logs
may not be offering any clear insights. A good extra check is to
enable WP_Debug - this will enable extra error logs to display
directly on your WordPress pages.
Additional Safety Tips
• Enable automatic updates
• Security plugins such as ‘Sucuri’, ’Limit Login Attempts’
• xmlrpc.php protection
• Host security - Fail2ban
• Use passphrases and two factor authentication
• Make sure you are setting the correct user roles
• Running out of disk space
• Set a reasonable backup schedule
• Only backup wp-content and database.
• Try to use a remote storage solution -
Dropbox, Google Drive.
Common backup plugin
issues & tips
Fixing broken permalinks
1. Login to your WordPress
2. Click on ‘Settings’ > ‘Permalinks’
3. Switch permalinks to default
4. Switch permalinks back
Note: Ensure .htaccess is writable by the
Transients are options temporarily
stored in your database. Many of
these can cause your site to
• You can remove unused transients
by installing the ‘Transient
• Alternatively consider setting up
key storage such as Redis on your
File ownership / permission issues
Sometimes WordPress will
behave strangely. Such as
asking for FTP details to install a
This is a common result of incorrect
ﬁle ownership or permissions. Always
ensure you have your ﬁles and
folders set correctly.
Most times ﬁles should
have their permissions
set to 644 and directories
to 755. But ask your host
if you are worried about
setting the correct ﬁle
Do not set permissions to
Always disable caching on your site when
you are developing or regularly ﬂush the
cache to see your updated content.
You can ﬂush your cache using WP-CLI:
wp cache ﬂush
wp core offers commands related
to the core WordPress ﬁle setup.
• wp core update
• wp core download
• wp core version
• wp core verify-checksums
wp option is used for managing
options within WordPress
• wp option get siteurl
• wp option get home
• wp option update siteurl http://correctsiteurl.com
• wp option update home http://correctsiteurl.com
- Great for newly migrated sites
wp plugin commands allow you to edit
and manage your plugins
• wp plugin list
• wp plugin deactivate plugin-name
• wp plugin update plugin-name
wp theme commands allow you to
edit and manage your themes
• wp theme activate theme-name
• wp theme update theme-name
wp db allows you to manage
your database using WP-CLI
• wp db import mydatabase.sql
• wp db repair
• wp db cli
wp user allows you to
manage your WordPress
• wp user list
• wp user delete #
Creating a new administrator
Any thoughts or questions?