Guide

WordPress white screen of death — how to debug without admin access

You load your site and there is nothing. No header, no logo, no error, no 500 page. Just a flat white rectangle in the browser. View source shows an empty body, or in some hosts, literally zero bytes returned.
Recurring pattern Observed repeatedly across WordPress customer fleet

The attacker doesn't live on one IP

In a 2 hour 45 minute window, one site recorded 77 failed login attempts from 11 distinct IPs. Per-IP rate limiting did nothing — no individual address attempted enough to trip the limiter. The signal was elsewhere: 10 of the 11 IPs all produced the same hashed username.

The integration hashes usernames before shipping, with a per-tenant HMAC key. That means the same target account viewed from multiple sources is recognizable as the same target, while the username itself never leaves the site in cleartext. Identical hashes across distributed IPs is the diagnostic. The attacker did not live anywhere in particular — they were renting addresses by the hour and pointing all of them at the same account.

The operator locked the active IPs at the CDN, added a per-account lockout policy (so a brute force against one account hits a wall even when the source addresses keep rotating), and assumed the target username was now publicly known — rotated the password and enabled 2FA.

Related guides

PHP deprecation warnings after PHP 8.x upgrade — what to fix first WordPress 500 internal server error — how to find the cause in logs WordPress PHP warning spike — finding the plugin or file causing the flood WordPress fatal error — how to find what crashed your site

See what's actually happening in your WordPress system

Connect your site. Logystera starts monitoring within minutes.

Request a demo WordPress integration
Logystera Logystera
Behavioral monitoring for the systems your team operates. Read operational state, get told when behavior changes, with the evidence attached. Current integrations: WordPress and Drupal.
Product
Overview How it works Features Integrations Compare Pricing Changelog Status
Guides
WordPress Cron Not Running WordPress Emails Not Sending Log-Based Monitoring WordPress Monitoring Drupal Monitoring Signals Reference Reports Blog Documentation
Solutions
For Agencies For SMEs For Government For Education For Enterprise Services Engagement Models What Logystera Is FAQ
Legal
Privacy Terms Security Cookies
Company
Contact About Why Logystera
Follow us
Twitter LinkedIn
Copyright © 2026 Logystera. All rights reserved.