What this tool does
It provides step-by-step articles for errors, caching, plugins, security, backups, WooCommerce, and email deliverability.
Step-by-step guides for common WordPress issues — from white screens and media upload errors to WooCommerce troubleshooting and security hardening, written for UnderHost customers.
define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); to wp-config.php. Check the debug log at wp-content/debug.log for the actual error.wp-content/plugins folder to plugins.bak via File Manager or FTP. Reload — if the site comes back, a plugin is the cause. Rename back and reactivate one by one.mytheme → mytheme.bak). WordPress will fall back to the default theme.define('WP_MEMORY_LIMIT', '256M'); to wp-config.php. Low memory is a frequent WSOD cause.error_log at your site root. The log usually points directly to the problem..htaccess to .htaccess.bak. Reload. If the site loads, regenerate the file in WordPress → Settings → Permalinks → Save Changes.plugins folder.php_value memory_limit 256M to .htaccess or update php.ini if available in your hosting environment.755, files 644. Use File Manager or FTP to correct permissions on wp-content.wp-config.php and verify DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST are correct. DB_HOST is usually localhost.define('WP_ALLOW_REPAIR', true); to wp-config.php, then visit yoursite.com/wp-admin/maint/repair.php. Remove the line after.wp_options table is a common culprit..maintenance file is left in the site root, keeping the site in maintenance mode indefinitely.wp-config.php). Find the file named .maintenance and delete it. Enable "Show Hidden Files" if you don't see it./* That's all */: define('WP_HOME', 'https://yourdomain.com'); and define('WP_SITEURL', 'https://yourdomain.com');.htaccess to .htaccess.bak and test. If the loop stops, a bad redirect rule in that file is the cause..htaccess file inside the wp-admin/ folder can block the login session. Via FTP or File Manager, rename wp-admin/.htaccess to .htaccess.bak and test.wp-content/plugins to plugins.bak, try logging in, then rename back./wp-login.php and /wp-admin/.http://yourdomain.com references to https://yourdomain.com.UPDATE wp_options SET option_value = REPLACE(option_value, 'http://yourdomain.com', 'https://yourdomain.com'); Run similar queries on wp_posts and wp_postmeta.define('FORCE_SSL_ADMIN', true); to force the admin area over HTTPS.http:// URLs in templates. Search your theme files for http:// and update to https:// or use // (protocol-relative) URLs.wp-config.php and search for DISABLE_WP_CRON. If it's set to true, WP-Cron is off and scheduled tasks won't fire automatically.wget -q -O - "https://yourdomain.com/wp-cron.php?doing_wp_cron" >/dev/null 2>&1 — set it to run every 5 or 15 minutes. This is more reliable than the default WP-Cron trigger.wp-comments-post.php without loading the page — add a referer check to block these.define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false); Then check wp-content/debug.log.wp-content/plugins to plugins.bak. Log in, then rename back and identify via the admin.wp-content/ and rename the plugins folder to plugins_disabled. WordPress will deactivate all plugins.plugins. WordPress will show all plugins as deactivated — re-enable them individually from wp-admin.wp-content/plugins/ and rename the specific plugin folder (e.g., jetpack → jetpack_off).wp_options table, find the row where option_name = 'active_plugins'. Set option_value to a:0:{} to deactivate all plugins.wp-content/plugins/. For themes: wp-content/themes/.755, files 644. Incorrect permissions cause "could not create directory" or activation errors.AUTOMATIC_UPDATER_DISABLED or WP_AUTO_UPDATE_CORE. If set to false, auto-updates are disabled globally.755 and files 644. If WordPress can't write files, updates will silently fail.define('DISABLE_WP_CRON', true); is set in wp-config.php and no real server cron is configured as a replacement, scheduled tasks won't run.define('WP_AUTO_UPDATE_CORE', 'minor');hero-image.jpg. This alone fixes the error in many cases.define('WP_MEMORY_LIMIT', '256M'); to wp-config.php. Insufficient memory during image resizing causes the HTTP error.wp-config.php: define('WP_IMAGE_EDITOR_CLASS', 'WP_Image_Editor_GD'); A misconfigured ImageMagick installation is a frequent HTTP error cause on shared hosting..htaccess to .htaccess.bak and try uploading again. A corrupted rewrite rule can interfere with the upload handler..htaccess file: php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300php.ini in the site root, create or edit it and add: upload_max_filesize = 64M
post_max_size = 64M
max_execution_time = 300upload_max_filesize and post_max_size, and increase both.post_max_size is smaller, the upload will fail regardless of the file size limit.wp-content/uploads/ directory. This is almost always a file permissions or disk space problem.wp-content/uploads/ directory must be writable by the web server. Set it to 755 via cPanel File Manager → right-click → Change Permissions. If 755 doesn't work, try 775 — but never use 777.wp-content/ in File Manager. If the uploads folder doesn't exist, create it and set permissions to 755.uploads/2026/05/). If the web server user can't create subfolders, uploading fails. Setting the uploads root to 755 and owner to the correct user fixes this.ls -la wp-content/uploads/. The directory owner should match your web server user (typically nobody or your cPanel username). Contact UnderHost support to correct file ownership if needed.wp search-replace "https://oldsite.com" "https://newsite.com" --all-tableswp-content/uploads/ in File Manager. If the images physically aren't there, you need to re-upload or transfer them from the old server via FTP..htaccess was copied over, it may contain redirect rules pointing back to the old domain. Review and clean up any old redirect rules.upload_files capability. In rare cases, a plugin can strip capabilities from existing users. Confirm via Users → your profile that your role is Administrator.yoursite.com/wp-login.php → Lost your password? Enter your username or admin email address and submit.wp_users table → find your user → click Edit. Set user_pass to a new MD5-hashed password (use a tool like md5hashgenerator.com). Save.wp user update 1 --user_pass="NewPassword123" from SSH to reset the admin password instantly.wp_users table → Insert tab. Fill in: user_login (username), user_pass (select MD5 from the function dropdown and type your password), user_email, user_registered (current datetime), user_status = 0, display_name. Click Go.ID value (e.g., 3).wp_usermeta → Insert. Add two rows: (1) user_id = your new ID, meta_key = wp_capabilities, meta_value = a:1:{s:13:"administrator";b:1;}. (2) user_id = your ID, meta_key = wp_user_level, meta_value = 10.yoursite.com/wp-login.php and log in with your new username and password.wp_options table. Find the row where option_name = 'admin_email' and update option_value to an email you can access.user_email in the wp_users table for the admin account to match the new email.wp user update 1 --user_email="newemail@domain.com" then wp user reset-password 1define('DISABLE_WP_CRON', true);. Then set up a real cron in cPanel → Cron Jobs: wget -q -O - https://yourdomain.com/wp-cron.php?doing_wp_cron every 15 minutes. Frequent wp-cron calls during page loads slow the admin.max_execution_time to 120–300 seconds for your domain to prevent timeout on complex admin tasks.define('WP_MEMORY_LIMIT', '256M'); before /* That's all, stop editing! */.php_value memory_limit 256M to the top of your .htaccess file.php.ini, add memory_limit = 256M.memory_limit and increase it. and check the memory_limit value.644.define('WP_POST_REVISIONS', 5); to wp-config.php to stop database bloat from unlimited revisions.define('WP_REDIS_HOST', '127.0.0.1'); and install the WP Redis plugin.loading="lazy" to images). Verify it's not being disabled by your theme or a page builder. Lazy loading defers off-screen images until the user scrolls near them.<link rel="preload" as="image" href="hero.jpg"> to your theme's <head>. Serve images via CDN. Avoid render-blocking resources above the fold. Use a fast hosting plan.width and height attributes on images and videos so the browser reserves space before they load. Avoid injecting content above existing content (banners, cookie notices).define('WP_POST_REVISIONS', 5); to wp-config.php. WordPress stores unlimited revisions by default, causing database bloat over time.wp_options. Expired transients accumulate over time and slow queries on the options table.wp_postmeta or wp_options cause slow queries. Contact UnderHost support for database-level optimization on high-traffic sites.defer or async attributes to non-critical scripts. Deferred scripts load after the page HTML renders, eliminating render-blocking.<head>. Load the full stylesheet asynchronously. WP Rocket and NitroPack automate this.define('DISALLOW_FILE_EDIT', true); to wp-config.php.wp-content/uploads/ (PHP files should not exist here), wp-includes/, functions.php injected code..htaccess: <Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>functions.php: add_filter('xmlrpc_methods', function($m){ unset($m['system.multicall']); return $m; }); — this blocks the method most abused in brute-force attacks.xmlrpc.php POST requests. Hundreds or thousands of hits per day is normal for a targeted site — blocking XML-RPC will immediately reduce server load.http:// to https://.RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]http://yourdomain.com to https://yourdomain.com in the database.define('FORCE_SSL_ADMIN', true); to keep the admin area always on HTTPS./wp-login.php to a custom URL like /mysecretlogin. This alone blocks the vast majority of automated attacks that only target the default URL.wp-admin/.htaccess: Order Deny,Allow
Deny from all
Allow from YOUR.IP.HERE/wp-login.php that don't match your country or IP.755. Files: 644. wp-config.php: 600 (read/write by owner only). .htaccess: 644.find /path/to/wordpress -type d -exec chmod 755 {} \; and find /path/to/wordpress -type f -exec chmod 644 {} \;600: chmod 600 wp-config.php. Also add to .htaccess: <Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>.htaccess inside wp-content/uploads/ containing: <Files *.php>
deny from all
</Files> — this prevents uploaded PHP shells from executing.wp-config.php with the correct database credentials.UPDATE wp_options SET option_value = replace(option_value, 'old-url.com', 'new-url.com');newdomain.com/installer.php and follow the wizard.wp search-replace "oldsite.com" "newsite.com" --all-tablesmail() function by default. Most shared hosts restrict this to prevent spam abuse, causing notification emails, password resets, and contact form messages to silently fail.mail.yourdomain.com for cPanel), port (587 with STARTTLS or 465 with SSL), username (full email address), and password.wordpress@yourdomain.com). Emails sent from a domain that doesn't match your From address are flagged as spam.wp_mail() function.v=spf1 include:yourmailserver.com ~all. If using UnderHost mail servers, cPanel AutoSSL usually configures this automatically._dmarc.yourdomain.com with value: v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com. Start with p=none (monitor mode) before switching to p=quarantine or p=reject.mail.yourdomain.com for sending. This protects your main domain's reputation if emails are marked as spam.wp_mail(). Installing WP Mail SMTP with a proper SMTP provider fixes deliverability for all of them at once.[woocommerce_checkout] shortcode (or the WooCommerce Checkout block). If this page was deleted or reassigned, checkout breaks./checkout/ from your cache rules./wc-api/WC_Gateway_Paypal/ endpoint.https://yourdomain.com/?wc-api=wc_stripe./cart/, /checkout/, /my-account/. Caching these pages breaks cart totals and checkout flow.wp_posts and wp_postmeta. Thousands of old orders slow queries. Use the WooCommerce Order Archiving feature or a cleanup plugin to archive/delete orders older than 1–2 years.Free diagnostic tools for your hosting infrastructure.
UnderHost offers managed WordPress hosting, migration help, and expert technical support. Get real human help when you need it.
WordPress Help collects practical troubleshooting guides for common site errors, performance problems, email issues, and maintenance tasks.
It provides step-by-step articles for errors, caching, plugins, security, backups, WooCommerce, and email deliverability.
Search or browse by category, then follow the article steps in order. Make backups before changing files, plugins, or database values.
The guides help narrow the likely cause. If an issue touches server logs, DNS, SSL, or mail routing, pair the article with the relevant UnderHost tool.
WordPress problems often involve both the CMS and hosting environment, so practical diagnostics reduce downtime and speed up support.









































