What is the difference between a 500 and a 502 error?

A 500 means the server itself ran into an unexpected fault and had no more specific code to report. A 502 Bad Gateway means a gateway or proxy handed your request to another server upstream and got an invalid response back. A 500 usually points at the application's own code or config; a 502 points at the link between servers.

Why does my WordPress website show a white screen with a 500 error?

That blank white screen is WordPress running into a fatal PHP error, often an exhausted memory limit or a broken plugin or theme. Add define( 'WP_DEBUG', true ); and define( 'WP_DEBUG_LOG', true ); to wp-config.php, reload, then read wp-content/debug.log for the exact file and line that failed.

Does a 500 error hurt my SEO?

A short 500 rarely costs you rankings: Google holds on to already-indexed pages and just eases off its crawl. The real risk is duration. Let Googlebot keep hitting 5xx responses for hours or days and it can treat the pages as gone, dropping them until stable, successful responses come back. Fix it quickly and rankings usually recover.

How do I see the real error behind the 500?

The status code is generic on purpose, so look in the server error log rather than the browser. You'll find it in your hosting panel, your app's log directory, or by switching on debug or error display. The log spells out the exact file, line, and message that triggered the failure.

Is a 500 error my fault or the website's?

As a visitor, it is almost never your fault. A 500 is a server-side error, which means the problem lives on the website's server, not in your browser, your device, or your connection. The most you can do is reload, clear your cache, and report the URL to the website owner.

How do I fix a 500 error without access to the dashboard?

Use SFTP or your host's file manager. Rename .htaccess to disable a bad rule, rename the plugins folder to plugins.deactivated to kill every plugin at once, or edit wp-config.php to raise the memory limit and turn on debug logging. Then rename things back one at a time to pin down the cause.

Will the 500 error go away on its own?

Sometimes. If a momentary spike, a brief overload, or a timed-out request caused it, the next reload may go through fine. But a 500 rooted in broken code, a bad .htaccess, or wrong permissions will keep coming back until someone fixes the underlying problem on the server.

What is the difference between a 500 and a 503?

A 500 is the server caught off guard: it tried to handle the request, crashed or threw something it couldn't catch, and had no better code to send. A 503 is the opposite, a server that knows exactly what it's doing and turns you away on purpose because it's overloaded, restarting, or in maintenance, usually with a Retry-After header attached. So a 500 means something is genuinely broken and needs a code or config fix. A 503 normally clears itself once load eases or the maintenance window closes.

Why does a 500 show a blank white page with no message?

Most production servers are set up to keep error details away from visitors. When the app crashes they return the bare 500 and nothing else, which leaves you staring at a blank or generic page. That's on purpose: handing the real error to the public can leak file paths and code. The actual message goes to the server error log instead. Open that log to read it, or briefly switch on error display or debug logging somewhere safe, and you'll see the file, line, and exception behind the failure.

Can a single bad character in a config file cause a 500?

It can, and it catches people out constantly. One stray directive, a typo, or a misplaced character in .htaccess, an nginx or Apache config, or a PHP file is enough to make the server quit processing requests and throw a 500 across the entire website. The classic version is an invalid line in .htaccess left behind by an edit or a plugin change. Rename the file to switch it off, or undo the exact change you just made, and you'll know in seconds. The error log will point at the offending file and often the line too.

Is a 500 a security risk I should worry about?

The status code isn't an attack in itself, but it can both leak information and hint at one. A badly configured server might return a full stack trace that exposes file paths, library versions, or fragments of a query, all useful to an attacker, which is why production should always show a generic 500 and keep the detail in a private log. A sudden wave of 500s can also mean malformed or malicious requests are hammering an endpoint that wasn't built to handle them. Read the log: if the same crafted request keeps tripping it, validate or harden that endpoint.

Why did a 500 start right after I updated a plugin or library?

Usually because the update shipped a fatal incompatibility: a function that's gone, an API that changed shape, or code that expects a newer language or framework version than your server runs. The app loads the new code, runs into the mismatch, and returns a 500. The log will name the failing file and the call that broke. Roll the plugin or dependency back to its previous version to get the website live again, then run the update in staging, where you can read the error and fix the incompatibility without taking anyone down.

A 500 only hits one template or route while the rest of the website is fine. Will homepage monitoring see it?

No, and that's exactly the trap. A 500 often lands on a single template, a form handler, or one dynamic route after a bad deploy, while the cached homepage keeps serving 200s. A monitor watching only the front page reports everything fine. The answer is to check the specific URLs that carry revenue or sign-ups, not just the root. Pulsetic pulls each watched URL from 15+ locations every 30 seconds and logs the exact status, so a route that flips to 500 alerts you with the failing URL and timestamp by email, SMS, Slack, or webhook. It won't tell you the PHP line or the plugin at fault, since it reads availability from outside rather than your error log, but it fires the moment that one page goes dark.

500 Internal Server Error

You loaded a page and got a blank screen that just says 500 Internal Server Error. It is one of the most common errors on the web, and one of the least helpful, because the message tells you almost nothing about what actually broke.

Updated June 2026 · 5 min read

Written by

Andrian Valeanu Founder of Pulsetic

Andrian Valeanu founded Pulsetic and, before it, Designmodo. Across 15-plus years he has shipped web products, design tools, and monitoring software teams around the world rely on.
Reviewed by

Ionut Caval Technical reviewer

Ionut Caval reviews Pulsetic's technical guides for accuracy. He works hands-on with web servers, networking, and uptime monitoring day to day, and makes sure the causes and fixes here hold up in production.

The short version: A 500 means the website's server ran into a problem and couldn't finish the request. Visiting? Reload and try again in a bit. Running the website? Open the server error log to find the real cause, then work through your .htaccess, PHP memory limit, plugins, and recent deploys.

Key takeaways

The 500 is the web's default shrug for a server-side failure. RFC 9110 frames it as the code a server returns when it hits something unexpected, can't finish the request, and has nothing more precise to send back.
On its own the code tells you nothing about why. A PHP fatal error, a broken .htaccess rule, an exhausted memory limit, the wrong file permissions: each one can produce the exact same blank 500. The answer is in the server error log.
For a visitor, it's almost certainly the website at fault, not you. Reload, clear the cache, and pass along the URL and the time it happened. Whatever needs fixing lives on the owner's server.
A 502, 503, or 504 points at a gateway, a timeout, or a refusal. A 500 is different: the application broke right where it ran. That sends you straight to the app's own code, config, and log.
A 500 can take out one route and leave everything else running fine. So a bad deploy can quietly sit broken on a single template or form handler, unnoticed, unless someone is actually watching that URL.

Error type: HTTP 5xx server error
Whose side: Almost always the website
Fix difficulty: Moderate (website owner)
Common cause: Server-side fault with no specific code

What does 500 Internal Server Error mean?

A 500 Internal Server Error is the web's generic, catch-all way of saying something broke on the server side. MDN and RFC 9110 describe it the same way: the server returns a 500 when it runs into an unexpected condition that stops it fulfilling the request, and it has no more specific 5xx code to reach for. The server knows it failed. It just can't, or won't, tell you how.

That vagueness is by design, so the code on its own never gives you the cause. One blank 500 page can be standing in for a fatal PHP error, a broken .htaccess rule, an exhausted memory limit, or wrong file permissions. The real story sits in the server's error log, not in the browser. Treat the status as the symptom and the log as the diagnosis.

The path a request takes from your browser to the website's servers. A 500 Internal Server Error is produced at the highlighted stages.

500: HTTP status code
5xx: Server-error class it belongs to
0: Details the generic message gives you

How the 500 Internal Server Error error appears

The wording changes depending on your browser, device, or server. Here is how this error commonly shows up:

500

Internal Server Error

The server encountered an internal error and could not complete your request.

What a 500 Internal Server Error looks like in the browser. The exact wording varies by browser, device, and server.

500 Internal Server Error
HTTP 500 / HTTP Error 500
Error 500 / 500 Error
Internal Server Error
500. That's an error. / Something went wrong
nginx 500 / HTTP ERROR 500

500 vs 502, 503 and 504

All four are 5xx server-side errors, but they point at different failures and different people to chase.

Code	What it means	Who fixes it
500 Internal Server Error	The server hit an unexpected fault and has no more specific code for it	Website owner or developer
502 Bad Gateway	A gateway or proxy got an invalid response from the upstream server	Website owner or host
503 Service Unavailable	The server is temporarily down, overloaded, or in maintenance mode	Website owner or host
504 Gateway Timeout	A gateway waited for the upstream server and got no response in time	Website owner or host

Where each 5xx error fails in the stack

All four are server-side, but they break at different hops, which tells you which log to open and who to chase.

Code	Meaning	Where in the stack	Typical cause
`500` Internal Server Error	The application hit an unhandled fault with no more specific code	Inside the app itself	PHP fatal error, bad .htaccess, memory limit, wrong permissions
`502` Bad Gateway	A proxy got an invalid or empty reply from the upstream	Between the proxy and the backend	Crashed PHP-FPM or app process, wrong proxy_pass target
`503` Service Unavailable	The server is reachable but refusing the request for now	At the server, on purpose or under load	Overload, maintenance mode, throttling, crash loop
`504` Gateway Timeout	A proxy got no response in time from the upstream	Between the proxy and a slow backend	Slow query, long request, gateway timeout set too low

What causes 500 Internal Server Error?

A PHP fatal error or an unhandled exception, whether in the website's own code or in a plugin
A corrupted or misconfigured .htaccess file carrying an invalid directive
An exhausted PHP memory limit, where a script asks for more RAM than it is allowed
Wrong permissions on a file or folder (files want 644, folders want 755)
A plugin or theme clashing with something, frequently right after an update
A broken code change or bad deploy that pushed a syntax error live
Trouble on the server itself: a misconfiguration, an incompatible PHP version, or a CGI/script error

How to find the cause fast

Go to the server error log first. It names the exact file and line that failed, the detail the 500 page deliberately hides.
Switch on debug or error display (WordPress WP_DEBUG, for instance) so the real message actually gets written down.
Ask what changed. A 500 that just appeared usually traces straight back to the last deploy, update, or edited config file.
Narrow it down: turn plugins off one by one and drop to a default theme to see whether the error clears.

curl -sI https://example.comHTTP/1.1 500 Internal Server Error# then read the app log for the stack trace:tail -n 1 /var/log/nginx/error.log[error] FastCGI sent in stderr: "PHP Fatal error: ..."

What a 500 Internal Server Error looks like from the command line. The grey lines starting with # are explanatory comments.

How 500 Internal Server Error looks from the outside

An uptime monitor like Pulsetic checks your website from 15+ locations every 30 seconds, so a 500 reaches you from the outside, the way real visitors see it, instead of arriving as an angry email. The instant a 500 comes back, you get an alert by email, SMS, voice, Slack, Discord, Telegram, or webhook, carrying the failing URL and the status code. What it can't do is name the plugin or the PHP line that broke. It reads availability from the outside, not CPU, memory, or your error log. So take the alert as the starting gun: it tells you the page is down right now, and then you open the server log to find out why.

To confirm the exact code a URL returns, or to re-test several at once after a fix, run them through the free bulk URL status checker.

How to fix 500 Internal Server Error

If you are a visitor

Reload. A lot of 500s are momentary and clear on the very next request.
Hard refresh and clear the browser cache (Ctrl+F5 or Cmd+Shift+R) in case a stale response is sitting in there.
Give it a few minutes and come back. The owner might be mid-fix, or the server briefly buckled under load.
Open the website in a private window or a different browser to rule out anything on your end.
Still stuck? Send the owner the exact URL and time. The error is theirs to fix, not yours.

If you run the website

Open the server error log (host panel, or wherever your app writes its log) and read the most recent fatal error.
Switch on debugging or error display so you capture the real message instead of the blank 500.
Regenerate .htaccess: rename the old file, reload, then re-save permalinks to get a clean one.
If the log shows memory exhaustion, raise the PHP memory limit, for example WP_MEMORY_LIMIT to 256M.
Fix permissions: files to 644, folders to 755. Never 777.
Disable plugins or extensions one at a time, and drop to a default theme, to surface a conflict.
Look at your most recent deploy or code change, and roll it back if that's where the error started.
Confirm your PHP version is compatible with the app, then call your host if the log points at the server.

Still not fixed? Next steps

Start with the server error log. It hands you the exact file, line, and message the 500 page is hiding, and that's the only dependable route to the real cause.
Ask what changed. When a 500 shows up out of nowhere, the trigger is nearly always the last deploy, a plugin or theme update, or a config file someone just edited. Roll that change back to prove it.
Track down the culprit by switching things off in sequence: disable plugins or extensions one at a time, drop to a default theme. When the error vanishes, the last thing you toggled is your answer.
When the log points at the server, not your code (an incompatible PHP version, a CGI error, a host-level misconfiguration), there's nothing for you to patch. Hand your host the URL and the timestamp.

Code & configuration

Copy-paste starting points. Replace example.com and the paths with your own, and test changes on staging before production.

Turn on WordPress debugging to reveal the real error

// In wp-config.php, above "That's all, stop editing"
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );
// Read the result in wp-content/debug.log

Rename a corrupted .htaccess so the server ignores it

# Over SFTP or the host file manager, in the web root:
mv .htaccess .htaccess_old
# Reload the website. In WordPress, then re-save
# Settings > Permalinks to generate a clean .htaccess

Raise the PHP memory limit and fix file permissions

# In wp-config.php:
define( 'WP_MEMORY_LIMIT', '256M' );

# Standard permissions over SSH:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

How to prevent 500 Internal Server Error

A 500 can knock out a single page or your entire website, and it almost never warns you first. Pulsetic checks your website from multiple locations every 30 seconds and alerts you by email, SMS, voice call, Slack, Discord, Telegram, or webhook the moment a page starts throwing 500s or stops answering. It won't read your error log for you, but it tells you the instant something breaks, and the instant it's back, so a bad deploy can't sit broken for hours.

Learn how Pulsetic's uptime monitoring detects this from the outside, across 15+ locations.

Related errors

Browse all error guides

Frequently asked questions

What is the difference between a 500 and a 502 error?

A 500 means the server itself ran into an unexpected fault and had no more specific code to report. A 502 Bad Gateway means a gateway or proxy handed your request to another server upstream and got an invalid response back. A 500 usually points at the application's own code or config; a 502 points at the link between servers.
Why does my WordPress website show a white screen with a 500 error?

That blank white screen is WordPress running into a fatal PHP error, often an exhausted memory limit or a broken plugin or theme. Add define( 'WP_DEBUG', true ); and define( 'WP_DEBUG_LOG', true ); to wp-config.php, reload, then read wp-content/debug.log for the exact file and line that failed.
Does a 500 error hurt my SEO?

A short 500 rarely costs you rankings: Google holds on to already-indexed pages and just eases off its crawl. The real risk is duration. Let Googlebot keep hitting 5xx responses for hours or days and it can treat the pages as gone, dropping them until stable, successful responses come back. Fix it quickly and rankings usually recover.
How do I see the real error behind the 500?

The status code is generic on purpose, so look in the server error log rather than the browser. You'll find it in your hosting panel, your app's log directory, or by switching on debug or error display. The log spells out the exact file, line, and message that triggered the failure.
Is a 500 error my fault or the website's?

As a visitor, it is almost never your fault. A 500 is a server-side error, which means the problem lives on the website's server, not in your browser, your device, or your connection. The most you can do is reload, clear your cache, and report the URL to the website owner.
How do I fix a 500 error without access to the dashboard?

Use SFTP or your host's file manager. Rename .htaccess to disable a bad rule, rename the plugins folder to plugins.deactivated to kill every plugin at once, or edit wp-config.php to raise the memory limit and turn on debug logging. Then rename things back one at a time to pin down the cause.
Will the 500 error go away on its own?

Sometimes. If a momentary spike, a brief overload, or a timed-out request caused it, the next reload may go through fine. But a 500 rooted in broken code, a bad .htaccess, or wrong permissions will keep coming back until someone fixes the underlying problem on the server.
What is the difference between a 500 and a 503?

A 500 is the server caught off guard: it tried to handle the request, crashed or threw something it couldn't catch, and had no better code to send. A 503 is the opposite, a server that knows exactly what it's doing and turns you away on purpose because it's overloaded, restarting, or in maintenance, usually with a Retry-After header attached. So a 500 means something is genuinely broken and needs a code or config fix. A 503 normally clears itself once load eases or the maintenance window closes.
Why does a 500 show a blank white page with no message?

Most production servers are set up to keep error details away from visitors. When the app crashes they return the bare 500 and nothing else, which leaves you staring at a blank or generic page. That's on purpose: handing the real error to the public can leak file paths and code. The actual message goes to the server error log instead. Open that log to read it, or briefly switch on error display or debug logging somewhere safe, and you'll see the file, line, and exception behind the failure.
Can a single bad character in a config file cause a 500?

It can, and it catches people out constantly. One stray directive, a typo, or a misplaced character in .htaccess, an nginx or Apache config, or a PHP file is enough to make the server quit processing requests and throw a 500 across the entire website. The classic version is an invalid line in .htaccess left behind by an edit or a plugin change. Rename the file to switch it off, or undo the exact change you just made, and you'll know in seconds. The error log will point at the offending file and often the line too.
Is a 500 a security risk I should worry about?

The status code isn't an attack in itself, but it can both leak information and hint at one. A badly configured server might return a full stack trace that exposes file paths, library versions, or fragments of a query, all useful to an attacker, which is why production should always show a generic 500 and keep the detail in a private log. A sudden wave of 500s can also mean malformed or malicious requests are hammering an endpoint that wasn't built to handle them. Read the log: if the same crafted request keeps tripping it, validate or harden that endpoint.
Why did a 500 start right after I updated a plugin or library?

Usually because the update shipped a fatal incompatibility: a function that's gone, an API that changed shape, or code that expects a newer language or framework version than your server runs. The app loads the new code, runs into the mismatch, and returns a 500. The log will name the failing file and the call that broke. Roll the plugin or dependency back to its previous version to get the website live again, then run the update in staging, where you can read the error and fix the incompatibility without taking anyone down.
A 500 only hits one template or route while the rest of the website is fine. Will homepage monitoring see it?

No, and that's exactly the trap. A 500 often lands on a single template, a form handler, or one dynamic route after a bad deploy, while the cached homepage keeps serving 200s. A monitor watching only the front page reports everything fine. The answer is to check the specific URLs that carry revenue or sign-ups, not just the root. Pulsetic pulls each watched URL from 15+ locations every 30 seconds and logs the exact status, so a route that flips to 500 alerts you with the failing URL and timestamp by email, SMS, Slack, or webhook. It won't tell you the PHP line or the plugin at fault, since it reads availability from outside rather than your error log, but it fires the moment that one page goes dark.

Catch the next outage before your visitors do.

2-minute setup · Cancel any time
Create Free Account

Your Dashboard

No credit card needed