List of Fixes for WordPress Site Health Status


WordPress 5.2 introduced a great new tool called ‘Site Health’ (go to Tools -> Site Health within your WordPress installation to access it), which lists any issues that WordPress has detected with your website. While some of them only require very simple fixes like updating plugins, several of them are bit more complex and will need some additional work to fix. Check out our list of common solutions – but remember to take comprehensive backups first!

How to Fix ‘Background updates are not working as expected’

Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using. If background updates are not working correctly, it’s normally a plugin that’s causing the issue, or in rare cases your theme. If it’s one of your plugins, you will normally get a message in Site Health Status to confirm this, like this:

“A plugin has prevented updates by disabling wp_version_check().”

If that’s the case, try disabling your plugins one at a time until the message disappears. If it’s something in your theme, it’s likely to be a line of code in your theme’s functions.php file, which is found in your theme’s root directory. It may mention ‘https://api.wordpress.org/themes/update-check’ – try disabling or removing any functions that reference this and check back in Site Health Status.

Alternatively, it could be a setting in your website’s wp-config.php file, which is found in the website root. If that’s the case, you may get a red cross next to the following line in the Site Health Status:

“The WP_AUTO_UPDATE_CORE constant is defined and enabled”

You may also see the following:

“WordPress security and maintenance releases are blocked by define( ‘WP_AUTO_UPDATE_CORE’, false );”

If that’s the case, check the wp-config.php file for the following line:

“define( ‘WP_AUTO_UPDATE_CORE’, false );”

If you find that line, remove it, save the file and re-upload it – that should fix the issue.

Be aware that making changes to any files, particularly wp-config.php or your theme’s functions.php file, can cause your entire website to stop working, so make sure you take backups of everything first, and if in doubt ask a developer to carry out the changes for you.

How to Fix ‘SQL Server is out of date’

There are several variants of SQL/database servers, and the most common (for WordPress/Linux at least) are MySQL and MariaDB. MariaDB is generally the favoured software these days, but MySQL still has plenty of support. Your SQL server is a required piece of software for the database WordPress uses to store all your site’s content and settings. If your version is out of date, you’ll need to get it updated. You will normally have to ask your website host to do this, but if you host the website yourself you can run the update – you’ll need to check which Linux distribution you are running for the specific instructions, but you’ll normally have to do this via the command line. If you use cPanel however, you should be able to follow these instructions on the cPanel website.

For those familiar with web servers and hosting environments this should be a relatively simple fix, so if you don’t know how to do it yourself (or don’t have back-end access to your server) then your website host should be able to do it for you.

How to Fix ‘UTF8MB4 is not supported’

UTF8MB4 is a type of database encoding that makes sure your site can store non-English text and other strings (such as emoticons) without problems. Since WordPress 4.2, WordPress has been using UTFMB4 for its database encoding. Prior to this, WordPress used UTF8, but if you’ve kept up to date with WordPress updates since 4.2 you should have automatically had your database upgraded to UTF8MB4. Any new installs since WordPress 4.2 will automatically have set the database encoding to UTF8MB4.

If you are still using UTF8 then it’s likely that whatever SQL/database server you are using is not compatible with UTF8MB4 – if that’s the case then you’ll need to update it. As a result, you’ll likely have the ‘SQL Server is out of date’ message in Site Health Check as mentioned above – fixing that will allow you to upgrade to UTF8MB4. If you’re lucky, WordPress will then prompt you with the database upgrade tool – running this will fix the ‘UTF8MB4 is not supported’ message.

If the database upgrade doesn’t run automatically for any reason,  then you will need to update your database tables to UTF8MB4 yourself. You can download this plugin on GitHub, which will do it for you, or if you want to get your hands dirty check out this post on Stack Exchange.

In any case, changing anything to do with your database can result in your entire website breaking, or even total loss of data, if something goes wrong. As a result, always take backups before attempting any changes, and ensure you’re able to restore the database if you run into problems. If in doubt, ask a web host or developer to make the changes for you.

How to Fix ‘Your site cannot communicate securely with other services’

This usually refers to an issue between your website and others, particularly wordpress.org, where a secure connection cannot be established. If you use a service like JetPack this could cause a lot of issues, but even if you’re not using JetPack you may find that you are unable to install or update plugins from the WordPress repository, which could be a potentially serious security issue if you are missing out of patches for known vulnerabilities.

Most of the time, this is a server-level issue that you will need to ask your host about. It’s usually a DNS issue, so your host will need to ensure the DNS records on the server and configured correctly and that the server can communicate back and forth with the WordPress.org servers. As a workaround, you can always point the server’s DNS directly at WordPress.org by adding the following line to the server’s HOSTS file:

66.155.40.202 api.wordpress.org

You’d need SSH access to the server, and working knowledge of Linux, so if you aren’t comfortable doing this ask your host for help.

How to Fix ‘HTTP requests are not working as expected’

This is a communication issue between your website and other websites and services. If this isn’t working it’s usually due to a misconfigured plugin or theme. Try disabling all your plugins and using the default WordPress theme (twentynineteen) to see if this fixes the issue. If it does, re-enable them one at a time until you determine which one is causing the issue. Once you’ve identified the cause, you’ll need to contact the theme/plugin developer and ask them to fix the problem – you can then update to the latest version of the theme/plugin in order to get the fix.

How to Fix ‘Your site is set to output debug information’

Debug mode is something that developers will often enable in order to better troubleshoot coding issues on a website. When used on development servers it doesn’t present much of a problem, but if used on a live website, particularly if left enabled for a long-period, this can present a security risk, as sensitive information about the website configuration can be exposed to would-be hackers. Debug mode is enabled in the wp-config.php file, which you will find in your web root directory (usually ‘public_html’ or ‘htdocs’) – if it’s enabled, you will see the following line:

define( ‘WP_DEBUG’, true );

The easiest thing to do is change this to false:

define( ‘WP_DEBUG’, false );

That should resolve the issue. However, there is also an additional debugging method, which outputs error messages to a file on the server rather than the browser:

define( ‘WP_DEBUG_LOG’, true );

That’s a much lower security risk, as it saves all the error information in a file called debug.log, which can be found in the ‘wp-content’ directory, so it not as easily accessible to potential hackers. However, it’s still a potential risk, so it would be best to change this to false too:

define( ‘WP_DEBUG_LOG’, false );

Once you’ve changed the above lines of code, just re-upload the wp-config.php file back to your web root – just remember to take backups first in case anything goes wrong, as an incorrectly configured wp-config.php file could cause your website to stop working.

How to Fix ‘The REST API is not available’

The REST API is one way WordPress, and other applications, communicate with the server. One example is the block editor screen, which relies on this to display, and save, your posts and pages. This is generaly a server issue, so the first port of call is to contact your host and ask them to fix the problem. However, it may be a problem with your htaccess file – this is a configuration file that interacts with your server to instruct it on how to carry out various functions such as page redirects. If your htaccess file is corrupt, you can get WordPress to generate a new one by visiting Settings -> Permalinks and then clicking ‘Save Changes’ (even if you don’t make any changes). That should then reset the htacess file to the correct settings for your website.

How to Fix ‘Your PHP version requires an update’

PHP is the programming language that WordPress is built in. Older versions of PHP, particularly those earlier than PHP 7, are prone to security vulnerabilities and slower performance. You will normally have to ask your web host to update the version of PHP on the server to a newer version, but if you have access to any kind of control panel you may be able to do it yourself from there. Be aware, however, that PHP 7 is not fully backwards compatible with PHP 5 and older (there is no PHP 6), so you may find that some of your plugins or themes are not compatible with the latest version of PHP. As a result, always test this on a development server before deploying on a live installation. If you get any errors, you should be able to get more information from your error log.

You may find that updating the plugin/theme in question solves the issue – generally speaking, any plugins or themes that are actively maintained by their developer will be fully compatible with PHP 7, so updating to the latest version will automatically apply the fix. If any of your plugins or themes are no longer being updated and have an issue running in PHP 7, you have several options:

  1. Move to a new theme/plugin
  2. Fix the issue yourself
  3. Ask a developer to fix it for you

Often it’s just a single line of text that needs to be updated, so if you are confident you may be able to do this yourself, but otherwise you should hopefully find it’s a quick fix for an experienced developer. As a general guide however, if your theme/plugin has been abandoned it would be worth looking for an alternative at some stage, as you may find that you get more and more problems as the code becomes more and more out of date.

How to Fix ‘Cannot communicate with WordPress.org’

Communicating with the WordPress servers is used to check for new versions, and to both install and update WordPress core, themes or plugins. If you cannot communicate with the WordPress, it’s usually a DNS or hardware issue on your server, so your host will need to ensure the DNS records on the server and configured correctly and that the server can communicate back and forth with the WordPress.org servers. It may also be your server’s firewall preventing the connection – if that’s the case, your host will need to add a rule to allow traffic between your server and the wordpress.org servers.

On rare occasions this may simply be due to a temporary internet connectivity issue, so you may find it resolves itself within an hour or two, but otherwise you’ll need to ask your host for assistance.

How to Fix ‘Background updates are not working’

Background updates ensure that WordPress can auto-update if a security update is released for the version you are currently using. This may be being stopped by one of your themes or plugins – if that’s the case, you may get a specific error message like this:

A plugin has prevented updates by disabling wp_version_check().

The easiest way to diagnose this is to disable all your plugins and revert to the default WordPress theme (twentynineteen) to see if that fixes the problem (always take backups first!). If that fixes the problem, then start re-enabling your theme and plugins one by one until you can determine which one is preventing background updates from working – you will then need to contact the theme/plugin developer to ask them to fix the issue.

If disabling all the plugins and your theme doesn’t fix the issue then it’s likely to be a hosting issue, but there’s one more thing you can check. In some cases, one of your plugins may have updated your htaccess file and disallowed background updates there. If that’s the case, deactivating the plugin in question may not fix the issue, but you can do it yourself easily enough – just go to Settings -> Permalinks in the WordPress admin and click ‘Save Changes’. You don’t actually need to make any changes, just saving the current settings on the page will reset your htaccess file.

If none of these changes work, it’s likely to be due to a server misconfiguration – if that’s the case, you’ll need to ask your host to look into the problem for you, but if you explain that you’ve already gone through the above steps that should help them diagnose and fix the issue.

How to Fix ‘Your site cannot perform loopback requests’

Loopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability. If your website cannot perform lookback requests, then it’s pretty much guaranteed to be a server configuration issue. It’s not that common, but some older hosting providers, particular those using shared hosting, can be prone to this. The only fix is to ask them to update their hosting settings, but unfortunately that’s not always possible – sometimes the way shared hosting is set up, particular for larger reseller networks, means that loopback requests are disabled for security reasons. If that’s the case, your only course of action is to upgrade to a VPS or dedicated server on that network, where you can set your own configuration, or look for another provider. Fortunately, this is becoming less common as hosting infrastructure is updated and newer platforms enter the market, so if you need to move it should be pretty easy to find a new host that doesn’t have this problem.

How to Fix ‘You should remove inactive plugins’

Adding any plugin to your website will theoretically increase the security risk that your website is exposed to, as there is always a small chance that a plugin contains a security flaw. You can minimise this by only using reputable, well-supported plugins, and using paid/premium plugins where possible – it’s also highly important that your plugins are updated on a regular basis. For best practice, you should also ensure that you remove any inactive plugins if you are sure you won’t need them – although they won’t have any noticeable effect on your site performance, they could still be executed by hackers in the event of a security breach. Luckily, disabling inactive plugins is very simple – just click on ‘Plugins’ in the WordPress admin, and scroll down your list of installed plugins. Most plugins will likely have the word ‘Deactivate’ under their title, indicating that they are currently active. However, if any plugins don’t have a blue background and instead say ‘Activate | Delete’ under the title, then they are currently inactive. Just click ‘Delete’ and WordPress will remove the plugin for you.

How to Fix ‘You should remove inactive themes’

Like the inactive plugin issue, this is more of a theoretical vulnerability, but is best-practice to limit your exposure to potential exploits contained in any themes installed in your WordPress installation. Any theme, particularly third-party/marketplace themes, can be vulnerable to security exploits, especially if they are out of date. As a result, it would be best to limit your installation to just two or three themes; the default WordPress theme (currently ‘twentynineteen’), and whatever theme you have active, plus your child theme if you are using one. If you’re not using a child theme then just your active theme plus the default WordPress theme will be fine.

In reality, you may find that you only have one theme installed – that’s fine from a security point of view, but it does mean that if your theme breaks for any reason, WordPress won’t have another theme to fall back on, which may cause your entire website to stop working. You can choose any theme as your ‘fallback’ theme, but it’s generally best to use the default WordPress theme, as this is most likely to work correctly with an existing WordPress installation.

How to Fix ‘You Have Plugins Waiting to be Updated’

Most plugins are updated regularly with new features, improvements or, occasionally, security patches. They are also sometimes updated to maintain compatibility with a new version of WordPress. As a result, it’s best practice to keep your plugins up to date. Updating your plugins is not without its risks however, as on rare occasions a plugin update might cause a feature of your website to change or stop working. Because of this, you should always ensure you have or can access a backup of your website in case you need to roll back to a previous version of a plugin – this is especially true for any major version updates, which are usually indicated on the plugin update itself to let you know there is an increase risk of compatibility issues.

As long as you have a backup of the website, you should be able to update the plugins yourself without too much fuss. Navigate to ‘Plugins’ in the WordPress admin, and scroll down the list of currently installed plugins. One by one, click any that have the word ‘Update’ next to them – to be safe, check your website over after each plugin update, so if there is a problem you’ll quickly know which update caused it. If you do notice a problem, you should be able to deactivate then delete the plugin, and then re-upload a zip of the old, working version – it’s important to note that some plugins prompt you to keep or remove settings when deactivating/deleting them, and if this is the case you normally want to keep all the settings.

How to Fix ‘You Have Themes Waiting to be Updated’

Similar to the plugin updates, it’s critical that you keep your theme up to date. Most theme updates include new features or code improvements, but occasionally a theme update is issued to fix a known security flaw – it’s absolutely vital that you update your theme if this is the case. Once a known vulnerability in a particular theme is exposed, it’s very simple for potential hackers to crawl the web looking for websites that use that theme and then hack any that haven’t updated the theme to the latest version.

In theory, it’s a quick and simple process to update your theme – click on ‘Themes’ in the WordPress admin, then click on ‘Update now’ on any themes that indicate they have an update available. In practice, it’s not always this simple, and there are several issues you may encounter:

  1. You don’t have an active licence for a particular theme – this is often the case if the original developer didn’t link up your website to the marketplace where the theme was purchased. If you don’t have an active licence, you’ll need to either go back to the original developer and ask them for the necessary information, or you’ll need to buy a new copy of the theme and activate that. Most themes cost around £40 – £50. Some themes also require an annual licence to be maintained in order to receive updates after the first 12 months.
  2. Your theme has been manually updated by a developer without using a child theme – this is bad practice for WordPress development, but unfortunately some developers still do it from time to time. It means that custom changes have been made directly to your website theme’s code, and if the theme is updated these changes will all be lost. If they are very simple changes then it should be relatively easy to re-apply them to the updated version using a child theme, but if extensive changes have been made then it may be a pretty time-consuming exercise.
  3. There is a compatibility issue between the latest version of your theme and one or more of your plugins. This isn’t very common, but sometimes there is a clash between your theme and plugins – updating your plugins at the same time will often fix this, but if not you’ll need to go back to the theme/plugin developers and ask for assistance, or use an alternative theme/plugin.
  4. The theme update changes how your website looks/operates. You will occasionally find that the theme developer has changed some aspects of the theme layout, which can have a knock-on effect on how your websites looks or works, particularly if you have used custom CSS or you haven’t updated the theme in a long time. If this is the case, you’ll likely need to make some tweaks to the website’s CSS and the theme settings in order to restore it to how it originally looked.
  5. Required plugins are deactivated. Sometimes a theme will require certain plugins in order to operate, and these may be automatically deactivated during the theme update process – this is particularly common with ‘page builder’ plugins. If this has happened, it’s normally just a case of going back into the Plugins page in the WordPress admin and clicking ‘Activate’ on any plugins that were deactivated during the theme update.

How to Fix ‘Your site does not use HTTPS’

HTTPS is highly important for data security – it encrypts the data that, for example, your users may include when they fill out your contact form or when you login to the website. If your website is not using HTTPS, all of this information is sent in plain text, rather than being encrypted – if any hackers are logged onto the same network as them (e.g. on public wifi), they will be able to read all of this information. Having personal data available in this way is a breach of GDPR, so it’s absolutely vital that you install an SSL certificate on your website and enforce HTTPS mode on any pages where users can enter data (ideally on the whole website just to be safe). In addition to the GDPR concern, hackers could also gain login details from people using your login page – not only would this put your website at risk, if anyone uses the same details for multiple websites it could also lead to their email and other accounts being hacked.

That all may sound very scary, but luckily it’s very easy to install an SSL certificate – they are often free (ask your host), and if not they are generally about £40 per year. Your server host should be able to install one without too much trouble. It’s important to remember that in addition to installing the SSL certificate, you will need to enable HTTPs mode on the website itself. In WordPress, all you need to do is navigate to the Settings -> General page in the admin, and change your website address from http://www.mywebsite.com to https://www.mywebsite.com. Your host can then force all traffic to use HTTPS with a server-level redirect. If that’s not possible, you can run a plugin like Velvet Blues to update all the references for the old HTTP address to the new HTTPS one. Finally, you may get ‘mixed content’ issues with the website if you are loading images and other assets from HTTP URLs rather than HTTPS URLs. You can fix this in two ways:

  1. Go through your website and manually update any image sources that use HTTP rather than HTTPS
  2. Install a plugin like Really Simple SSL to do the job for you!

How to Fix ‘Your WordPress version is out of date’

This is usually a very quick fix – it just means that you need to update WordPress. Click on the ‘updates’ icon in the top admin bar (it looks like two arrows forming a circle, and is usually found next to your website name) and you should see a message indicating that an update for WordPress is available. Click the ‘Update Now’ button and it should automatically update it for you and let you know when it’s done – it normally takes less than 30 seconds. As always, make sure you have a full backup available, just in case there are any issues in upgrading.

How to Fix ‘One or more recommended modules are missing’

You may notice a warning like this:

Warning The optional module, exif, is not installed, or has been disabled.

These ‘modules’ are bits of software installed on your server that help it carry out various functions. Pretty much any PHP-based website or content management system (like WordPress) will rely on one or more PHP extensions, and in most cases a whole library of these extensions is required. WordPress has maintains a list of required and recommended extensions, which you can see here. If you are missing one or more of these, you should check with your host to see if they can install it for you – it may not always be necessary to install each extension, but it’s worth asking. If a missing extension is causing part of WordPress or your website to not work correctly, however, then your host should fix this – if they can’t or won’t, you may need to look for a new host in order to fix the problem.

How to Fix ‘A scheduled event has failed’

You may see a specific error like this:

‘The scheduled event, wp_privacy_delete_old_export_files, failed to run.’

This indicates that, while your website is still working, some tasks or updates are not being carried out – these are usually handled by task scheduling software on the server called ‘cron’, and it’s likely that this is missing or not working correctly. Check with your host to ensure this is working, or ask them to enable it if it’s disabled for some reason. You can also get more information from navigating to WooCommerce > Status > Scheduled Actions, then filter for only Failed actions – this should give you specific information about what’s failing. If several tasks are failing it’s likely to be an issue with your server – if it’s just one, then it may be a problem with whichever plugin or theme that relates to, so in that case it would be worth contacting the developer in question and asking them to look into it.

Remember, many of the above fixes are highly technical in nature, and should therefore only be carried out if you are confident you know what you are doing, and have a backup/redundancy plan in case things go wrong. If you’re unsure about anything, always check with your host or a professional developer for advice before making any changes. If you need any more information on any of the above issues or anything else please contact us and we’ll do our best to help.


Leave a Reply

Your email address will not be published. Required fields are marked *