How to solve an HTTP 500 error on activation of Really Simple Security

When you get a white screen or a “500 Internal Server Error” after activating Really Simple Security, this can have a number of different causes; but it is almost always due to a fatal PHP error.

A common cause of such issues is insufficient memory on the server, but a 500 error can also be caused by invalid .htaccess rules (for instance, a syntax error), or by the auto_prepend_file directive pointing to the plugin’s advanced-headers.php while that file does not actually exist.

Memory exhausted during activation (PHP memory limit)

Memory errors usually indicate that your site was already close to reaching the PHP memory limit, and activation pushed it over the edge. If this happens, you can expect to see these issues more frequently, especially during actions like installing or activating new plugins: once you are close to the memory limit of your environment, anything that you add from this point onwards (like a new plugin) is likely to push your site just over it.

The activation of Really Simple Security also triggers some actions, like flushing the rewrite rules and clearing the cache, which may cause a temporary increase in memory usage. Reaching the server’s memory limit will result in error messages, such as:

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 54 bytes)

Because such an error occurs at the exact moment the memory limit is reached, the line of code named in the error message is not necessarily the line that causes the problem. It just happened to be the point where the memory limit was exceeded. If you have debugging disabled, the error could also appear as a generic 500 Internal Server Error (or just a plain white screen).

You can try deactivating some plugins to lower the memory usage; but the usual fix is to increase your memory limit. Hosting environments and WordPress websites have a limit on the memory that can be used by the website.

If your server allows it, you can increase the memory limit in your wp-config.php by adding this line:

define('WP_MEMORY_LIMIT', '256M');

Invalid .htaccess rules (syntax errors)

A syntax error or unsupported directive in .htaccess can also result in a 500 error. This can happen if the file was edited manually, modified by another plugin in some unexpected way, or if a rule was added that your server doesn’t support.

A quick way to test this is to temporarily rename .htaccess (for example to .htaccess.bak) and then reload your site. If the site loads again, the issue is in your .htaccess rules.

You can then restore a known-good copy of .htaccess, or regenerate the WordPress rewrite rules by going to Settings → Permalinks and clicking Save once, without changing any of your permalink settings. This lets WordPress re-insert the standard rules into .htaccess, and recreate the file if it does not yet exist at the expected location.

advanced-headers.php and auto_prepend_file

In some hosting environments, PHP can be configured to automatically include a file on every request via the auto_prepend_file directive (typically in the .user.ini and .htaccess files). By default, Really Simple Security will also try to include the advanced-headers.php file in this auto_prepend_file directive, to ensure that the Firewall is loaded early.

However, if the auto_prepend_file directive is configured to point to /wp-content/advanced-headers.php, but this file does not exist (or is not readable), this can immediately cause a fatal error and result in a 500 Internal Server Error.

To troubleshoot:

  • Verify that the advanced-headers.php file exists in the /wp-content/ directory and has the correct permissions (644, rw-r--r--).
  • If an advanced-headers.php file does not exist in your /wp-content/ directory, but the auto_prepend_file directive does point to that location, try creating an empty advanced-headers.php file in the /wp-content/ directory and check whether that already resolves the problem.
  • Or temporarily remove the auto_prepend_file directive from the .htaccess and .user.ini files.
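
The checks above can be scripted. The following is an added example, not code from Really Simple Security: it reads .htaccess and .user.ini in a WordPress root, extracts every auto_prepend_file target, and reports whether each file exists and is readable. It assumes the two standard PHP forms of the directive (`php_value auto_prepend_file …` and `auto_prepend_file = …`); the function names and the sample site are constructed for illustration.

```shell
#!/bin/sh
# Added example, not plugin code: verify every auto_prepend_file target.

# Print the auto_prepend_file values set in one config file. Handles
# "php_value auto_prepend_file X" (.htaccess) and "auto_prepend_file = X" (.user.ini).
prepend_targets() {
    [ -f "$1" ] || return 0
    sed -n -e '/^[[:space:]]*[#;]/d' \
           -e 's/^.*auto_prepend_file[[:space:]=]*//p' "$1" |
        sed -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Check both config files under WordPress root $1. Returns 1 if a target is
# missing or unreadable (readability is tested for the user running the script).
check_auto_prepend() {
    root=$1
    status=0
    for cfg in "$root/.htaccess" "$root/.user.ini"; do
        targets=$(prepend_targets "$cfg")
        while IFS= read -r target; do
            case $target in '' | none) continue ;; esac   # empty/none = disabled
            if [ ! -e "$target" ]; then
                echo "MISSING    $target (set in $cfg)"; status=1
            elif [ ! -r "$target" ]; then
                echo "UNREADABLE $target (set in $cfg)"; status=1
            else
                echo "OK         $target (set in $cfg)"
            fi
        done <<EOF
$targets
EOF
    done
    return "$status"
}

# Constructed sample site in $1: .htaccess points at a file that does not exist.
make_sample_site() {
    mkdir -p "$1/wp-content"
    printf '# BEGIN sample\nphp_value auto_prepend_file "%s/wp-content/advanced-headers.php"\n' \
        "$1" > "$1/.htaccess"
}

if [ $# -gt 0 ]; then
    check_auto_prepend "$1"
else
    demo=$(mktemp -d) && make_sample_site "$demo"
    check_auto_prepend "$demo" || echo "-> create the file or remove the directive"
    rm -rf "$demo"
fi
```

Run it with the WordPress root as the only argument; without an argument it runs against the constructed sample site.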

Still having problems?

If the issue is not solved yet, the recommended next step is to find the related error message in your server’s PHP error logs (e.g., error_log, debug.log) to determine the cause of the issue. You can always ask your hosting provider where to find these logs.

  • If the error log contains entries mentioning Allowed memory size…, you may need to increase the available memory (or ask your host to increase the PHP memory limit).
  • If the issue is caused by a missing advanced-headers.php file, the error log will usually contain errors such as the ones below, which indicate that PHP is trying to prepend advanced-headers.php but can’t load it.
    • “PHP Fatal error: Failed opening required ‘/path/to/wp-content/advanced-headers.php’ … in Unknown on line 0”
    • “PHP Warning: Unknown: Failed to open stream: No such file or directory in Unknown on line 0”
  • If the error log mentions an issue in the .htaccess, revert to a previous/clean version, or fix the rules by re-saving the Permalinks settings as described above.
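
To sort a long error log by these three causes, a small filter helps. The following is an added example, not part of the plugin: it counts matching lines per cause and converts the exhausted memory limit from bytes to megabytes. The sample log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not plugin code: group error-log lines by the causes above.

# Read log files given as arguments (or stdin); print one line per cause found.
triage_log() {
    awk '
        match($0, /Allowed memory size of [0-9]+ bytes exhausted/) {
            # Skip the 23-character prefix; the numeric prefix left is the limit.
            limit = (substr($0, RSTART + 23) + 0) / 1048576
            mem++; next
        }
        /Failed opening required .*advanced-headers\.php/ ||
        /[Ff]ailed to open stream: No such file or directory in Unknown on line 0/ {
            prepend++; next
        }
        /\.htaccess:/ { htaccess++; next }
        END {
            if (mem)      printf "memory: %d hit(s), limit %dM -> raise the PHP memory limit\n", mem, limit
            if (prepend)  printf "auto_prepend_file: %d hit(s) -> check advanced-headers.php\n", prepend
            if (htaccess) printf "htaccess: %d hit(s) -> restore or regenerate .htaccess\n", htaccess
        }
    ' "$@"
}

# Constructed sample log (paths and timestamps are made up).
sample_log() {
    cat <<'EOF'
[01-Jan-2025 10:00:00 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 54 bytes) in /var/www/html/wp-includes/example.php on line 10
[01-Jan-2025 10:05:00 UTC] PHP Warning:  Unknown: Failed to open stream: No such file or directory in Unknown on line 0
[01-Jan-2025 10:05:00 UTC] PHP Fatal error:  Failed opening required '/var/www/html/wp-content/advanced-headers.php' (include_path='.:/usr/share/php') in Unknown on line 0
[Wed Jan 01 10:06:00 2025] [core:alert] /var/www/html/.htaccess: Invalid command 'Foo', perhaps misspelled or defined by a module not included in the server configuration
EOF
}

if [ $# -gt 0 ]; then triage_log "$@"; else sample_log | triage_log; fi
```

Pass the path of your error log as the argument. The 134217728 bytes in the memory error shown earlier come out as a 128M limit.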

If you contact your hosting company, make sure to include the exact fatal error message from your error logs.
