500 Internal Server Error: 12 Causes and How to Fix Each (With Commands)
A 500 Internal Server Error means your server hit a fatal error while trying to serve your page. Unlike 404 (“not found”) or 403 (“forbidden”), the 500 status is a generic “something broke” signal from the server, it does not tell you what. The actual cause is hiding in your error logs, and nine times out of ten it is one of a dozen well-known culprits. This guide walks through each cause, how to identify it from the error log, and the exact fix.
If your site is down right now, jump straight to the Emergency WordPress Playbook section. It lists the five fastest fixes that resolve around 80% of cases in under 10 minutes.
What a 500 Error Actually Means (And How It Differs from 502, 503, 504)
HTTP 5xx codes all indicate server-side failures, but each one means something specific. Confusing them leads to wasted troubleshooting time.
| Error | Meaning | Typical Cause |
|---|---|---|
| 500 | Server received your request but hit a fatal error while processing it | PHP crash, .htaccess issue, plugin error, database failure |
| 502 | Bad Gateway, upstream server returned invalid response | PHP-FPM crashed, Nginx cannot reach Apache, proxy issues |
| 503 | Service Unavailable, server temporarily overloaded or in maintenance | Traffic spike, resource limits hit, planned maintenance |
| 504 | Gateway Timeout, upstream server took too long to respond | Slow database query, long-running PHP script, network timeout |
If you see 500, the server accepted your request and then crashed trying to handle it. Your job is to figure out why it crashed. The answer is almost always in the error log.
Step Zero: Read the Error Log
Before touching anything, check your error log. This single step saves hours of guessing. On any AEserver cPanel hosting, you have two places to look.
Option 1: cPanel Errors Tool
Log in to cPanel, search for Errors (under the Metrics section), and click. You see the last 300 error messages from Apache. Real examples of what you might find and what each means:
[Sat Apr 20 14:23:11] [core:error] [pid 12345] (13)Permission denied: /home/user/public_html/.htaccess: access denied
→ File permission or ownership problem on .htaccess.
PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 20480 bytes) in /home/user/public_html/wp-includes/class-wpdb.php on line 2192
→ PHP memory exhausted. Need to increase WP_MEMORY_LIMIT.
PHP Parse error: syntax error, unexpected token "}", expecting end of file in /home/user/public_html/wp-content/plugins/bad-plugin/bad-plugin.php on line 47
→ A plugin has corrupted PHP code. The exact file and line number are named, rename that plugin folder to disable it.
Option 2: Direct error_log Files
PHP writes its own errors to error_log files inside each directory. Via File Manager in cPanel or SSH, check:
/home/USERNAME/public_html/error_log /home/USERNAME/public_html/wp-content/error_log /home/USERNAME/public_html/wp-admin/error_log
If you have SSH access on a VPS or dedicated server:
tail -100 /home/USERNAME/public_html/error_log
Or watch the log live while you try to reproduce the error:
tail -f /home/USERNAME/public_html/error_log
Emergency WordPress Playbook (5 Fastest Fixes)
When your site is down and wp-admin is inaccessible, try these five steps in order. One of them fixes the problem in roughly 80% of WordPress 500 errors.
Fix 1: Rename .htaccess
In cPanel File Manager, open public_html, enable “Show Hidden Files” in Settings, and rename .htaccess to .htaccess_disabled. Reload your site. If it works, the .htaccess was corrupted.
To regenerate a clean one: log in to wp-admin → Settings → Permalinks → click Save Changes without changing anything. WordPress writes a fresh .htaccess.
If you want to manually recreate it, this is the default WordPress .htaccess:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Fix 2: Disable All Plugins at Once
Cannot get into wp-admin to disable plugins individually? Rename the entire plugins folder. In File Manager:
public_html/wp-content/plugins → public_html/wp-content/plugins_disabled
Reload your site. If it works, a plugin was the cause. Rename the folder back, then disable plugins one by one in wp-admin until you find the culprit.
Fix 3: Switch to a Default Theme
In File Manager, rename your active theme folder:
public_html/wp-content/themes/your-theme → public_html/wp-content/themes/your-theme_disabled
WordPress automatically falls back to a default theme (Twenty Twenty-Four or similar). If the site now loads, your theme was the problem.
Fix 4: Increase PHP Memory Limit
Edit public_html/wp-config.php via File Manager. Find the line /* That's all, stop editing! */ and add this line just above it:
define('WP_MEMORY_LIMIT', '256M');
Save and reload. If memory exhaustion was the cause, the site loads.
Fix 5: Enable WordPress Debug Mode
Still unknown cause? Turn on WordPress debug logging. Edit wp-config.php and find this line:
define('WP_DEBUG', false);
Replace it with:
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);
@ini_set('display_errors', 0);
Save. WordPress now writes errors to wp-content/debug.log. Visit your site, trigger the error, then open debug.log in File Manager. It names the exact file and line causing the crash.
WP_DEBUG_DISPLAY to false so visitors do not see raw errors. Once you identify the issue, set WP_DEBUG back to false to avoid exposing sensitive paths in production.
12 Common Causes of 500 Errors with Specific Fixes
Cause 1: Corrupted .htaccess File
The most common cause on WordPress and Apache-based sites. A plugin update, a security plugin, or a manual edit writes a bad rule and the entire site breaks.
Log signature:
[alert] Invalid command 'RewriteRule', perhaps misspelled or defined by a module not included in the server configuration
Fix: Rename to .htaccess_bak, regenerate via Settings → Permalinks in WordPress (see Fix 1 in the Emergency Playbook).
Cause 2: PHP Memory Exhausted
WordPress, WooCommerce, or a heavy plugin tried to allocate more memory than your PHP process is allowed.
Log signature:
PHP Fatal error: Allowed memory size of 134217728 bytes exhausted
Fix: Add to wp-config.php (for WordPress):
define('WP_MEMORY_LIMIT', '256M');
define('WP_MAX_MEMORY_LIMIT', '512M');
Or raise PHP memory at the server level in .user.ini (create it in public_html if not there):
memory_limit = 256M max_execution_time = 300 max_input_vars = 3000
If your hosting plan enforces a ceiling (most shared plans cap at 256 or 512 MB), contact support or consider upgrading. On Cloud VPS in Dubai, you control this entirely.
Cause 3: Wrong File or Folder Permissions
After a messy FTP upload, an incomplete restore, or a cPanel account migration, permissions can end up wrong. The server refuses to execute files it considers insecure.
Log signature:
[core:error] (13)Permission denied: /home/user/public_html/index.php Premature end of script headers: index.php
Fix: Correct permissions, folders 755, files 644, wp-config.php 640. Via SSH:
cd /home/USERNAME/public_html
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chmod 640 wp-config.php
In cPanel File Manager without SSH: right-click a folder → Change Permissions → set to 755. For files, set to 644. Check wp-config.php is 640 or 644 (never 777).
Cause 4: PHP Syntax Error in a Plugin or Theme
A plugin update ships broken code, or you edited a theme’s functions.php directly in wp-admin and introduced a typo.
Log signature:
PHP Parse error: syntax error, unexpected token "}" in /wp-content/plugins/plugin-name/plugin-name.php on line 47
Fix: The log names the exact file and line. Open that file in File Manager, find line 47, and either fix the typo or rename the plugin folder to disable it entirely.
To prevent this in the future, add this to wp-config.php, it stops WordPress from allowing the built-in theme/plugin editor which is the most common way people break their own sites:
define('DISALLOW_FILE_EDIT', true);
Cause 5: PHP Version Incompatibility
Your host upgraded PHP (or you changed it in MultiPHP Manager) and an old plugin is not compatible. WordPress 6.9+ recommends PHP 8.3, but some plugins still only support 7.4 or 8.0.
Log signature:
PHP Fatal error: Uncaught Error: Call to undefined function create_function() in /wp-content/plugins/old-plugin/...
(create_function() was removed in PHP 8.0, a plugin using it will crash.)
Fix: In cPanel, open MultiPHP Manager, select your domain, and try a different PHP version. If PHP 8.3 breaks the site, switch to 8.2 or 8.1 and update the problematic plugin, or find an alternative.
For testing, you can force a version per-directory with .user.ini:
; .user.ini in public_html cgi.force_redirect = 0
Cause 6: Plugin or Theme Update Broke Compatibility
Two plugins that used to work together stop playing nicely after one updates. Common with SEO plugins + caching plugins, or security plugins + page builders.
Log signature:
PHP Fatal error: Cannot redeclare function foo() (previously declared in /wp-content/plugins/plugin-a/file.php:123) in /wp-content/plugins/plugin-b/file.php
Fix: Use the Emergency Playbook’s Fix 2 to disable all plugins, reactivate them one at a time. When the site breaks, you found the conflict pair. Either update the older plugin, contact its developer, or find an alternative.
Cause 7: mod_security False Positive
Most cPanel hosts run Apache’s mod_security Web Application Firewall. It blocks suspicious requests, sometimes including legitimate ones (a WordPress REST API call, a long form submission, a file upload).
Log signature (in ModSecurity log):
ModSecurity: Access denied with code 500. Matched phrase "POST /wp-admin/admin-ajax.php" at REQUEST_URI. [rule_id "949110"]
Fix: Contact your hosting support with the exact rule ID (the 949110 in the example). They can whitelist it for your domain. On AEserver, support is 24/7 and handles this through WHM with a few clicks.
If you run your own VPS, you can disable mod_security for a specific directory in .htaccess:
<IfModule mod_security.c>
SecRuleRemoveById 949110
</IfModule>
Cause 8: Database Server Out of Resources (The Big One)
This is the cause most WordPress-focused tutorials miss, and it is extremely common on shared hosting as sites grow. The MySQL/MariaDB database server ran out of memory, hit connection limits, or crashed under load. WordPress then fails to load data and sometimes returns 500 (instead of the more specific “Error establishing a database connection” page).
How it shows up in logs:
[ERROR] mysqld: Out of memory (Needed 116817914 bytes) [ERROR] InnoDB: Cannot allocate memory for the buffer pool
Or in PHP log:
PHP Warning: mysqli_real_connect(): (HY000/1040): Too many connections PHP Fatal error: Uncaught mysqli_sql_exception: MySQL server has gone away
Or a table corruption:
[ERROR] /usr/sbin/mysqld: Table './db_name/wp_options' is marked as crashed and should be repaired
Why it happens on shared hosting: shared plans limit the number of concurrent MySQL connections per account (typically 25-50). Under traffic spikes, during a heavy WooCommerce report, or when a plugin runs unoptimised queries, you hit the ceiling and the database rejects new connections. The site throws 500.
Why it happens on VPS: MySQL/MariaDB memory tuning is incorrect, usually innodb_buffer_pool_size is too high for the available RAM, the Linux OOM killer terminates mysqld to save the server, and your site goes down until MySQL restarts.
Fix A: Check if MySQL is actually running
Via SSH on a VPS:
systemctl status mysql # or on older systems service mysql status
If it is stopped or failed, restart:
systemctl restart mysql
If it crashes again within minutes, you have a memory problem, not a transient failure.
Fix B: Check if tables are corrupted
WordPress has a built-in repair tool. Add to wp-config.php temporarily:
define('WP_ALLOW_REPAIR', true);
Visit https://yourdomain.ae/wp-admin/maint/repair.php in your browser. You see Repair and Repair + Optimize buttons. Click Repair, wait until done. Remove the line from wp-config.php immediately after, because this URL is publicly accessible without login while the flag is set.
Alternatively, via phpMyAdmin: select your database, select all tables, choose Repair table from the dropdown.
Via SSH:
mysqlcheck -u root -p --auto-repair --optimize --all-databases
Fix C: Tune MySQL memory (VPS only)
Edit /etc/my.cnf or /etc/mysql/my.cnf (depending on distro). Sensible values for a 4 GB RAM VPS:
[mysqld] innodb_buffer_pool_size = 1G innodb_log_file_size = 256M max_connections = 100 table_open_cache = 400 tmp_table_size = 64M max_heap_table_size = 64M query_cache_type = 0 query_cache_size = 0
Then restart MySQL:
systemctl restart mysql
Rough rule: innodb_buffer_pool_size should be about 50-70% of RAM on a dedicated database server, but lower if MySQL shares the server with Apache/PHP.
Fix D: You outgrew shared hosting
If you see “Too many connections” errors, or MySQL Out of memory during normal traffic, your site has outgrown shared hosting. Shared plans are designed for hundreds of small sites; a growing UAE e-commerce store or busy WordPress publication needs dedicated resources.
The right next step is a VPS. The AEserver Cloud VPS Plan 3 (2 vCPU, 4 GB RAM, 60 GB SSD) in Dubai is the sweet spot for most WordPress and WooCommerce sites that have hit shared limits. You get dedicated resources, full control over MySQL tuning, and the same Dubai data centre for local audience speed.
Cause 9: Out of Disk Space or Inode Quota
Your account filled up. Maybe email backups, old backup archives, or a runaway log file grew for months unchecked. When disk is full, MySQL cannot write, PHP cannot create temp files, and the site breaks.
Log signature:
PHP Warning: file_put_contents(): Only 0 of 4096 bytes written [ERROR] mysqld: Disk is full writing './mysql/innodb_log_file0'
Fix: In cPanel, check Disk Usage in the Files section. If near the limit, delete:
- Old email in cPanel Email Accounts (large mailboxes often the culprit)
- Backup archives in
public_html/or/home/username/backups/ - Old WordPress backups from plugins like UpdraftPlus
- Debug log files (if
wp-content/debug.logis gigabytes)
Via SSH, find the biggest directories:
du -h --max-depth=2 /home/USERNAME | sort -hr | head -20
Also check inode usage (number of files, not size), separate quota on some hosts:
df -i /home
Cause 10: Corrupted wp-config.php
Someone edited wp-config.php and introduced a syntax error, or the file is missing entirely after a bad backup restore.
Log signature:
PHP Parse error: syntax error, unexpected ';' in /public_html/wp-config.php on line 34
Fix: Open wp-config.php in File Manager, find the named line, correct the syntax. Common mistakes: missing semicolon, unclosed quote, missing closing brace.
If the file is missing or unrecoverable, regenerate it from wp-config-sample.php in the same directory. You need your database name, database user, and database password, all three are visible in cPanel under MySQL Databases.
Cause 11: Missing PHP Extension
A plugin requires a PHP extension (ionCube Loader, mbstring, gd, intl) that is not loaded on your server.
Log signature:
PHP Fatal error: Uncaught Error: Call to undefined function mb_convert_encoding() PHP Fatal error: The file example.php requires the ionCube PHP Loader to run
Fix: In cPanel, open Select PHP Version (or MultiPHP INI Editor), click the Extensions tab, tick the required extension, save. On AEserver all common extensions (ionCube, mbstring, gd, intl, imagick, curl, mysqli) are pre-installed, you just enable them.
Cause 12: PHP Execution Timeout
A long-running script, import, bulk email send, large database operation, exceeds max_execution_time. PHP kills the script and returns 500.
Log signature:
PHP Fatal error: Maximum execution time of 30 seconds exceeded
Fix: Increase the limit for that task. In .user.ini:
max_execution_time = 300 max_input_time = 300
Or for one specific PHP script, add at the top:
<?php set_time_limit(300); // rest of your script
Better long-term solution: break long tasks into background jobs via WP-Cron or a proper queue plugin. Batch imports, email sends, and report generation should not block a single HTTP request.
When Shared Hosting Is Actually the Problem
Four of the causes above (memory exhaustion, database out of resources, disk full, timeout) often indicate one thing: your site outgrew shared hosting. Here is how to tell.
Signs your site needs a VPS:
- You see “Too many connections” MySQL errors even with modest traffic
- Shared host sends you “CPU overage” or “resource abuse” warnings
- Memory limit errors persist even after increasing
WP_MEMORY_LIMIT - Your site is a WooCommerce store with 50+ products and regular sales
- You want to install Redis, Memcached, or use custom MySQL configurations
- Traffic regularly exceeds 1,000 daily visitors
Shared hosting is perfect for small sites; it becomes the bottleneck when a site succeeds. The upgrade path at AEserver is clean:
| Current Situation | Recommended Move | AEserver Option |
|---|---|---|
| Small site, occasional 500 errors | Stay on shared, tune plugins and cache | Linux Shared (Premium plan) |
| Growing WordPress, resource warnings | Move to VPS with dedicated resources | VPS Plan 2 (2 vCPU / 2 GB) |
| WooCommerce, regular 500 errors under load | VPS with enough RAM for MySQL tuning | VPS Plan 3 (2 vCPU / 4 GB) ⭐ |
| Busy e-commerce, 100K+ monthly visits | VPS with proper resources | VPS Plan 5 (4 vCPU / 8 GB) |
Our team handles the migration free of charge, typically with zero downtime. We also tune the new VPS for WordPress/WooCommerce before handover.
When to Stop Troubleshooting and Contact Your Host
DIY troubleshooting has limits. Escalate to your hosting support when:
- The error log shows mod_security blocks (you cannot whitelist rules on shared hosting)
- You see MySQL crashes with “Out of memory” even after plugin cleanup
- The error log path shows issues in
/var/log/apache2/(server-level, not your account) - Your site worked yesterday and suddenly broke with no change from your side (often a host-side PHP upgrade)
- You have tried the Emergency Playbook and the debug log is unclear
On AEserver, our UAE-based support team is available 24/7 through live chat, WhatsApp, or phone. When contacting support, include:
- The exact URL that throws 500
- What you were doing when it started (plugin update, theme change, import)
- The last 20 lines of your error log if you have access
- Whether the site is WordPress, Joomla, Magento, or custom
Prevention: A Simple Maintenance Routine
Most 500 errors are preventable with basic hygiene. Follow this routine once a month:
- Back up before any update. cPanel’s Backup Wizard or a plugin like UpdraftPlus. Keep at least one recent backup offsite (Google Drive, Dropbox).
- Update plugins one at a time, not all at once. If a bulk update breaks something, you will not know which plugin caused it.
- Test in staging first. AEserver lets you clone a site to a staging subdomain in a few clicks. Test updates there before touching production.
- Watch disk usage. If you see 80% full, clean up old backups and mailboxes before you hit 100%.
- Keep PHP current. Run on PHP 8.3 where possible. Test plugins in staging before upgrading production PHP.
- Limit plugin count. Each plugin is another chance for a conflict. Ten well-chosen plugins run better than thirty mediocre ones.
- Monitor Search Console. Google reports 5xx errors it encounters while crawling, often catching problems before users do.
Summary
- Read the error log first. It names the cause 90% of the time, the file, the line number, and the specific error message.
- Try the Emergency Playbook in order: .htaccess → plugins folder → theme → memory limit → debug mode. This resolves about 80% of WordPress 500 errors in under 10 minutes.
- Database failures are a silent cause, especially on shared hosting that hit connection or memory limits. Check MySQL error logs, repair tables with WP_ALLOW_REPAIR, and if you see recurring crashes, upgrade to a VPS.
- Never use 777 permissions. Folders should be 755, files 644, wp-config.php 640.
- Keep PHP current, 8.3 is the current WordPress recommendation. Use MultiPHP Manager in cPanel to switch versions safely.
- If the same error keeps coming back, you probably need more resources. A 2 vCPU / 4 GB VPS handles most WordPress and WooCommerce sites comfortably.
Frequently Asked Questions
Is a 500 Internal Server Error my fault or my host’s fault?
Usually your site’s fault, the 500 error comes from your site’s code or configuration (plugin conflict, bad .htaccess, PHP memory, database). Sometimes it is the host (mod_security false positive, MySQL server issue, disk full on the shared server). Read the error log, it points to the source. If the log shows issues in your wp-content/plugins/ or public_html/.htaccess, it is your site. If it shows Apache or MySQL server-wide issues with no clear file from your account, contact your host.
What is the difference between a 500 error and “Error establishing a database connection”?
Both can happen when the database fails, but they indicate different things. “Error establishing a database connection” means WordPress got as far as checking database credentials and could not connect at all (wrong password, database server down). 500 means PHP crashed during execution, sometimes because of a database issue further into the request. Fixes overlap, check MySQL status, repair tables, verify credentials.
Does a 500 error hurt my SEO?
Yes, temporarily. If Google’s crawler hits a 500 error, it stops crawling that page. Repeated 500s on the same pages can cause Google to drop them from the index until the site recovers. Short downtimes (under an hour) usually have no lasting impact; extended outages can affect rankings. Check Google Search Console → Pages report to see which URLs hit 5xx errors.
Can a 500 error mean my site is hacked?
Possible but not the first guess. Malware sometimes inserts broken PHP that crashes on execution. If your error log shows fatal errors in files with random names (like wp-content/uploads/random-folder/abc123.php) or in files that should not contain PHP, you likely have an infection. Run a scan with our Website Backup & Security service or a plugin like Wordfence. Restore from a clean backup taken before the infection.
How do I enable debug mode without breaking the live site?
Set WP_DEBUG to true and WP_DEBUG_DISPLAY to false, errors get logged to wp-content/debug.log without appearing to visitors. See Fix 5 in the Emergency Playbook above for the exact wp-config.php snippet.
Why does my site get 500 errors only during peak traffic?
Resource exhaustion under load. Under normal traffic your site fits within memory and connection limits. During a spike (marketing campaign, viral post, sale event), you blow past the ceiling. Either optimise (add server-side caching, reduce database queries) or upgrade to a larger VPS plan. A 500 error only under load is the clearest sign that shared hosting is no longer enough.
I renamed .htaccess and the site still shows 500. What now?
Then .htaccess was not the cause. Put it back (rename .htaccess_disabled back to .htaccess) and move to the next step, disable all plugins by renaming the plugins folder. If that also does not fix it, enable WP_DEBUG and read the actual error message. Do not skip the log reading step, it saves hours.
Can I prevent 500 errors entirely?
No, but you can make them rare. Good backups, staging environments for testing updates, reasonable plugin count, current PHP, and adequate server resources cut 500 errors to near-zero for most well-maintained sites. Managed WordPress Hosting additionally handles PHP updates, caching, and core WordPress maintenance, further reducing the surface area where things can break.
My shared hosting keeps hitting MySQL limits. Should I optimise WordPress or upgrade?
Do both, in that order. First optimise: install a caching plugin (LiteSpeed Cache, WP Super Cache), remove unused plugins, clean up post revisions, use an object cache if available. If you still hit limits after serious optimisation, you genuinely need more resources. A VPS gives you dedicated MySQL capacity that is yours alone, no shared-account limits.
How do I know if my problem is WordPress, PHP, the database, or the server?
The error log tells you. Errors from wp-content/plugins/ or wp-content/themes/ are WordPress issues. Errors mentioning PHP Fatal error with memory or function calls are PHP issues. Errors mentioning mysqld, “Out of memory”, or “Too many connections” are database issues. Errors from Apache or Nginx without any file from your account are server-level issues (host’s responsibility). If you cannot parse the log yourself, our support team reads it and tells you what is wrong, for free on any AEserver plan.
Need Help Fixing a 500 Error Right Now?
If your site is down and you have tried the playbook without luck, our UAE-based team is available 24/7 through live chat, WhatsApp, or phone. We handle 500 error troubleshooting for AEserver customers at no extra cost, it is included in every hosting plan.
For sites that consistently hit resource limits on shared hosting, our Cloud VPS plans in Dubai give you the dedicated CPU, RAM, and MySQL tuning freedom to make 500 errors rare. Free migration from your current host, same Dubai data centre for UAE-audience speed.
