How To: Debug WordPress
Did something go wrong while you were using a plugin in WordPress (a freeze, or something similar), or is your website crashing with a blank screen, or anything else?
Checking your PHP Error Logs should be your first reaction. The PHP Error Logs are not the Access Error Logs (which record errors related to your web server, not PHP).
Where are the PHP Error Logs
You can access them through the admin given by your hosting service (not the WordPress one). Depending on your hosting service, they can also be accessed through an additional plugin (Error Log Monitor) or even the Meow Apps Dashboard (at the bottom right of it you will find a link to your logs). They contain programming errors, but also memory, space, and execution time issues.
Please note that the PHP Error Logs are rarely empty. Unfortunately, they are not always accessible. If you find an empty file or no file at all, the logs might be disabled. Ask your hosting service to make sure. You must know whether your logs are really working; otherwise you will always have issues and never know where they come from.
There is an additional thread on StackOverflow where people are discussing this; have a look here: Where does PHP store the error log?
Check the Network activity
You will need to use Google Chrome. You can do it using other browsers but Google Chrome is the most convenient.
This is an important check, especially when a plugin is performing asynchronous actions (long-running process). Open your Google Chrome’s “Developer Tools” (https://developer.chrome.com/devtools) and click on the Network tab. Start the process again until the issue occurs.
Go back to the Network tab and filter by XHR (those are the asynchronous requests, basically the discussion between your browser and the server after the website has been loaded). Click on the red-colored request or the last request that was executed (in the left column, it’s usually admin-ajax.php) and look at the right window, in the XHR and Preview tab.
The Response tab might contain something interesting, like an error, or a broken reply from the server (if it is HTML, that’s also an issue as the message from the server is usually tiny and using JSON format). Please also check the Console window (look at the top of this window), as it might have some interesting information as well.
The Infamous Request Timeout
Those timeouts really depend on your WordPress install and your server. For each page load, or for each asynchronous request (in the case of many Meow Apps plugins, for example), WordPress (or actually, PHP) needs to load itself every time. All the plugins are also loaded at this time, every time, and sometimes even perform a task. Generally, servers kill those tasks if they exceed 30 seconds. Nothing else will be displayed to you; the connection will simply be cut. What can you do?
- Check the PHP Error Logs first. Maybe it is actually an error.
- Enhance your system (by using PHP 7, increasing memory, processor speed, or simply by optimizing the database).
- Turn off as many plugins as possible.
- Increase the execution timeout in PHP. Have a look at this thread on StackOverflow: How to increase the Execution Timeout.
If you are using Media Cleaner, be careful about the plugins you disable. If a plugin has an impact on how the content is used, it should be kept activated, as Media Cleaner might use it (plugins such as ACF, WooCommerce or Visual Builders). You can also check the Advanced settings of Media Cleaner. Try to add a bit of delay (1000 or more) and lower the posts and analysis buffer (down to 5, or even less).
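To tell a real timeout from a memory or programming error before disabling plugins, the following added example (not part of the original article) groups the request-stopping entries of a PHP error log by cause and by the plugin directory they point to. The sample log lines, plugin slugs and function names are constructed for illustration.

```python
import re
from collections import Counter

# PHP error_log entry: [timestamp] PHP <severity>:  <message, including the file path>
ENTRY_RE = re.compile(r'^\[[^\]]+\] PHP (?P<severity>[A-Za-z ]+?):\s+(?P<message>.*)$')
PLUGIN_RE = re.compile(r'/wp-content/plugins/([^/]+)/')
FATAL = {"Fatal error", "Parse error"}  # severities that stop the request

def classify(message):
    """Map a message to the causes named above: memory, execution time, or other."""
    if message.startswith("Allowed memory size of"):
        return "memory"
    if message.startswith("Maximum execution time of"):
        return "timeout"
    return "other"

def triage(lines):
    """Count request-stopping errors per (cause, plugin slug)."""
    summary = Counter()
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("severity") not in FATAL:
            continue  # warnings, notices and stack-trace lines are skipped
        hit = PLUGIN_RE.search(m.group("message"))
        owner = hit.group(1) if hit else "core-or-theme"
        summary[(classify(m.group("message")), owner)] += 1
    return summary

# Constructed sample log; the plugin slugs and paths are hypothetical.
SAMPLE_LOG = [
    "[10-Mar-2024 04:11:01 UTC] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /var/www/html/wp-content/plugins/example-gallery/scan.php on line 88",
    "[10-Mar-2024 04:11:45 UTC] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /var/www/html/wp-content/plugins/example-gallery/scan.php on line 88",
    "[10-Mar-2024 04:12:40 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 20480 bytes) in /var/www/html/wp-includes/functions.php on line 5000",
    "[10-Mar-2024 04:13:02 UTC] PHP Warning:  Undefined variable $x in /var/www/html/wp-content/plugins/example-seo/main.php on line 5",
    "[10-Mar-2024 04:13:09 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function example_helper() in /var/www/html/wp-content/plugins/example-seo/main.php:12",
    "Stack trace:",
]

if __name__ == "__main__":
    for (cause, owner), count in triage(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {cause:8s} {owner}")
```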
WordPress disable error php
We use WordPress for our company website and it has crashed for no discernible reason. It gives an error message like this:
After reading up, it seems that WordPress does not work well with FastCGI and doesn’t need to be used with it. Would anyone kindly be able to tell me how to turn FastCGI’s interaction with WordPress off?
I have had the same experience. To disable FastCGI on my wordpress installations, I have done the following:
In the IIS manager, I created an App Pool for wordpress. Then, under "Web Sites", browse to the folder containing your WordPress installation. Right click on that folder, and select "Properties."
On the "Directory" tab, create an application. Select the App Pool created for WordPress, and then click the "Configuration" button. Remove any Wildcard application maps. In the list of Application extensions, scroll down to ".php" and click "Edit. ". Set the executable path to wherever you installed PHP, with php-cgi.exe as the executable (e.g. c:\ProgramFiles\PHP5\php-cgi.exe).
Save, restart IIS, and it should work.
What I would like to know is how to completely disable fastcgi once it’s been set up.
Disable REST API
** Version 1.4 now supports whitelisting of individual routes within the REST API **
The engine for the API has existed in WordPress since v4.4, but additional functionality and endpoints are a
continual project. While this is very exciting news for many reasons – and many plugins, themes, and even pieces of
WordPress core are already beginning to use the REST API – it is also not functionality that every site admin is going
to want enabled on their website if not necessary.
As of WordPress 4.7, the filters provided for disabling the REST API were removed. To compensate, this plugin will
forcibly return an authentication error to any API requests from sources who are not logged into your website, which
will effectively still prevent unauthorized requests from using the REST API to get information from your website.
For WordPress versions 4.4, 4.5 and 4.6, this plugin makes use of the rest_enabled filter provided by the API to
disable the API functionality. However, it is strongly recommended that all site owners run the most recent version
of WordPress except where absolutely necessary.
- The JSON returned by a website with the API disabled via filters (WP versions 4.4, 4.5, 4.6)
- The JSON returned by a website with the API disabled via authentication methods (WP versions 4.7+)
- Upload the disable-json-api directory to the /wp-content/plugins/ directory via FTP
- Alternatively, upload the disable-json-api_v#.#.zip file to the ‘Plugins->Add New’ page in your WordPress admin
- Activate the plugin through the ‘Plugins’ menu in WordPress
While logged into WordPress as any user, the REST API will function as intended. Because of this, you must use a new
browser – or Chrome’s incognito mode – to test your website with a clean session. Go to yourdomain.com/wp-json/ (or
yourdomain.com/?rest_route=/ if you have pretty permalinks disabled) while NOT LOGGED IN to test the results. You will
see an authentication error returned if the plugin is active. “DRA: Only authenticated users can access the REST API.”
Does this plugin disable all REST APIs installed?
This plugin is ONLY meant to disable endpoints accessible via the default REST API that is part of WordPress itself. If
a plugin or theme chooses to register its namespace with the core REST API, its endpoints will – by default – be
disabled so long as this plugin is active. Namespaces and routes may be whitelisted via this plugin’s Settings page.
How to disable xmlrpc.php?
While monitoring my system I have noticed an increased number of requests to xmlrpc.php. Every single one of those requests took 200MB to 205MB of RAM and resulted in system instability, and on a few occasions it caused my 8GB Digital Ocean Droplet to go out of memory and eventually crash, leaving all my sites not working for some 10 hours or so.
Recently I’ve read that many hackers now use xmlrpc.php instead of wp-login.php to execute their brute force attacks. And the problem is – since WordPress 3.5 you can’t disable the use of xmlrpc, at least not from the WordPress control panel.
There are many ways to do that and I’ll write some:
1. Deleting xmlrpc.php file
This is really not recommended. Also, after a WordPress (auto)update the deleted file will be replaced, so it’s not really smart to do this; I mention it only so that nobody tries it.
There are several plugins that can do this. I found these two to be the most used ones: Disable XML-RPC and XML-RPC Pingback. Both plugins are really basic (only a couple of lines of code) but they should be able to help you out and protect your blog against those attacks.
3. Adding filter to theme functions.php file
This is basically the same thing as the plugin above, but you have one plugin less. All you need to do is to edit your theme’s functions.php and add these couple of lines:
4. Block access at .htaccess
You can simply add this one line of code to your .htaccess file and block access to the xmlrpc.php file entirely. A user accessing xmlrpc.php will get a 403 Forbidden error.
5. Blocking access in nginx
If you are running nginx instead of Apache you should add this code to your nginx configuration:
6. Block on entire server
If you have one server or VPS with tens of hundreds of WordPress installations (like me), any of the solutions above will take time to implement. So the best thing to do is to block access to the xmlrpc.php file at the Apache level, simply by adding this to the httpd.conf file:
Or, even better, by adding this code (which also blocks wp-trackback.php and prevents trackback hacking attempts).
If you don’t use XML-RPC then you can safely disable it using any of the methods above (except the first one, of course) and protect your blog against xmlrpc hacks.
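To spot the request pattern described at the start of this post in your own access log, and to confirm afterwards that a server-level block is returning 403, the following added example (not from the original post) counts POST requests to xmlrpc.php per client IP in combined-format log lines. The sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_posts(lines):
    """Yield (ip, status) for every POST to xmlrpc.php; skip unparsable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("method") != "POST":
            continue
        path = m.group("path").split("?", 1)[0]
        if path.endswith("/xmlrpc.php"):  # also matches sub-directory installs
            yield m.group("ip"), int(m.group("status"))

def noisy_clients(lines, threshold=3):
    """Return (ip, count) pairs with at least `threshold` POSTs, busiest first."""
    counts = Counter(ip for ip, _ in xmlrpc_posts(lines))
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def blocked_share(lines):
    """Fraction of xmlrpc.php POSTs answered 403, i.e. stopped by a server-level block."""
    statuses = [status for _, status in xmlrpc_posts(lines)]
    return statuses.count(403) / len(statuses) if statuses else 0.0

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:04:11:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:04:11:04 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Mar/2024:04:11:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Mar/2024:04:20:00 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Mar/2024:04:20:09 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, n in noisy_clients(SAMPLE):
        print(f"{ip} sent {n} POSTs to xmlrpc.php")
    print(f"share answered with 403: {blocked_share(SAMPLE):.0%}")
```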