WordPress 503 error
I discovered something today when trying to access one of the sites I’ve produced… some hosts block access to files that get repeated brute force login attempts. One of those files is the wp-login.php used by self-hosted WordPress sites for administrative access.
So, if your public site is working just fine but then you try to login to your self-hosted site and see something like this:
"503 Service Temporarily Unavailable"
Plugins are great but…
It may be that your site has been subject to brute force attacks and your host (I know that fasthosts.co.uk certainly does this) may have shut things downs.
There is at least one rather excellent plugin that helps with this (linked at the end of this post) but that’s not much help if you can’t get into your admin panel though. So, I noted down the steps I used to get back to the admin panel for this particular site.
- FTP to your site root
- Duplicate wp-login.php so you have a copy to work on
- Rename your copy of wp-login.php to something new (e.g. login-mysite.php)
- Open login-mysite.php in a text editor
- Locate each occurrence of wp-login.php and replace it with login-mysite.php (there should be about 13)
- Save the file
- Clear the browser cache (in safari, on a mac, that’s Alt-Cmd-E) … just in case
- Try to login again with http://yoursite.com/login-mysite.php
Hopefully you can now get in to your admin page.
Next, go and install the “Rename wp-login.php” plugin and change the login URL to something more obscure.
Don’t forget to bookmark the new login name!
If you logout now, and try either /admin or /wp-login.php and you should just see page not found or a redirect. If that’s all working, you can go back and delete that login-mysite.php
I realise that host blocking is not the only reason that you might see "503 Service Temporarily Unavailable", but if your public site is still fully functional then its certainly worth investigating.
This method also has the benefit of surviving WordPress updates – which manual renaming will, of course, not.