The site health check shows critical information about your WordPress configuration and items that require your attention!
When browsing your WordPress dashboard, you may have noticed a new tab under Tools called Site Health. This section has been available since WordPress 5.2. The Site Health allows you to review how the technical aspects of your website is performing and view any areas of improvement. These recommended improvements can be made to security issues, SEO, website speed and issues highlighted with specific plugins – which may have otherwise been overlooked.
Many of these issues are crucial to the performance and sustainability of your website. However some of the highlighted areas are more advisory. It’s still good to know what each component does, and the best course of action to fix it.
If you’re not familiar with the instructions outlined in our breakdown, then we would recommend that you get a web developer – or speak to your hosting provider for assistance. We are of course are happy to provide support if needed. Also, before proceeding, we would recommend that you take a full back-up of your website.
WordPress Site Health error message info
Within the error messages, you’ll find that each one has a tag(s) assigned to it. This is a useful indicator of what you’ll be improving by addressing the fix. Some of the error messages can be somewhat vague – so having these as an indicator is helpful. The standard tags are as follows:
- Security: Focuses on the protection of your website, as well as vulnerabilities or potential exploits
- Performance: This focuses on the speed/usability of your website
- SSL (Secure Sockets Layer): Addresses the encryption of your website, and safeguarding sensitive data
- Plugin specific: This error will focus on a plugin specific issue, such as Contact Form 7, SEO Yoast or Monster Insights etc
A pretty comprehensive list of error messages that you’re likely to see in the WordPress Site Health area is below (in no particular order):
- You have plugins waiting to be updated
- You should remove inactive plugins
- Your site is running an older version of PHP [Version No.] which should be updated
- One or more recommended modules are missing
- You should remove inactive themes
- 301 .htaccess redirect is not enabled
- You have themes waiting to be updated
- Not all recommended security headers are installed
- eCommerce data is not being tracked [Analytics Plugin Name Here]
- Have a default theme available
- Your version of WordPress [Version No.] is not up to date
- PHP default timezone is not valid
- An active PHP session was detected
- Outdated SQL server
- UTF8MB4 is not supported
- Your site cannot communicate securely with other services
- HTTP requests are not working as expected
- Your site is set to output debug information
- A scheduled event has failed
- The REST API is not available
- Cannot communicate with WordPress.org
- Background updates are not working
- Your site cannot perform loopback requests
- Your site does not use HTTPS
You have plugins waiting to be updated
You’ll need to update your plugins to ensure that they are on the latest versions.
This can be easily remedied by going to your plugins list and clicking ‘Update’ next to the relevant plugin. If you’re managing multiple websites, or have limited time for doing manual updates, you can always enable automatic updates. This will automatically update the plugins for you when a new version becomes available.
We’ve personally found that enabling the auto-updates has greatly improved the efficiency of managing websites. However the numerous emails notifying us that a plugin has been updated does get a bit tedious. As a countermeasure to this, we installed a plugin called: Disable auto-update Email Notifications. This disables the standard auto update email. No configuration is needed, just install and activate and you’re good to go. Any plugins that we want to monitor closely we’ll check regularly and update manually.
You should remove inactive plugins
When editing or building a website it’s almost inevitable that you’ll be experimenting with multiple plugins before picking the right one for you. As a result, you may have multiple unused plugins that are deactivated. It’s always good practice to remove the unused plugins that are no longer needed to ensure your plugin dashboard is nice and tidy. Head to your plugin area for an overview of your current plugins, activated and deactivated.
Your site is running an older version of PHP [Version No.] which should be updated
The version number in your error message may differ, depending on how out of date your PHP version is. However the principle remains the same – your PHP version is out of date. To fix this you’ll need to log into your Hosting Control Panel and ensure this is updated to the latest version.
In cPanel, this can be done by accessing your cPanel dashboard and clicking ‘Select PHP Version’ or ‘MultiPHP Manager’. In the new page that loads, you’ll see a section at the top of the page stating: ‘Current PHP version’. If this is older than the latest version available, then select the latest version. Once selected from the drop down you can review any modules/extension checkboxes and when happy, click ‘set as current’ next to the version you selected. You’ll see a green box appear in the top right hand-side to confirm this change has been saved.
If you don’t have access to your cPanel dashboard or have hosting access. Then you’ll need to speak to your hosting provider and send a support ticket requesting that they need to update your PHP version to the latest one available.
One or more recommended modules are missing
WordPress requires various modules (also known as PHP extensions) to function and perform tasks correctly. To fix this issue (if you have cPanel access), you’ll need to navigate to the ‘Select PHP Version’ or ‘MultiPHP Manager’ area. In the new page that loads you’ll see a list of the available modules that can be toggled via checkboxes.
We’ve found one of the more common ones that crops up is ‘imagick’. The full list of modules and what tasks/functions they perform can be found here.
If you do not have access to cPanel then you’ll need to speak to your hosting provider. They can enable the module(s) that is not currently installed if you tell them which ones you need. If for whatever reason they ‘cannot’ or won’t install the required module, we would recommend looking for an alternative hosting provider.
You should remove inactive themes
Again, similar to the above, if you have multiple themes installed that you’ll not be using then remove them. Make sure you remove these by navigating to Appearance > Themes, here you’ll be able to see which theme is active and which ones are not needed. Note: please see ‘have a default theme available’ before removing all unused themes.
If you have a set-up with a child theme, then you may encounter this error through no fault of your own – and consequently this point will need to be left. As a potential solution to this, you can install a plugin called Site Health Tool Manager. This will allow you to toggle the messages that are displayed in the Site Health page. We would only recommend using this to toggle the visibility of minor issues that are not relevant or cannot be fixed in your situation. We do not suggest using this plugin to suppress legitimate issues that need to be fixed!
301 .htaccess redirect is not enabled
This error can be resolved by installing a plugin called Really Simple SSL. In the plugin general settings (Settings > SSL). You can select a checkbox to enable the 301 redirect, which will instantly fix the error message for you. This option is found in the free version, so no upgrade is required. If you’d rather sort this without installing an extra plugin then you can do so by adding lines of code to your .htaccess file if you have server access (for advanced users only).
You have themes waiting to be updated
Similar to the plugins, you can enable auto update on the themes to ensure they’re updated whenever a new version comes out. If you have purchased a premium theme, you’ll likely have to validate this. This is done by either logging into the account via the dashboard or by inputting a licence key to validate the license is active. Once either method has been completed, you’ll then be able to proceed with updating the theme.
Not all recommended security headers are installed
This particular fix will require cPanel or FTP access, as you’ll need to edit the .htaccess file. We’ve outlined the full specifics of how this can be done in a separate blog post here.
Again, this is for advanced users only. If you’re not familiar with accessing or editing the .htaccess file then look for assistance from a website developer or your host when addressing this fix!
eCommerce data is not being tracked [Analytics Plugin Name Here]
For tracking user traffic and engagement, we personally use a plugin called Monster Insights. This plugin tracks visitor usage via Google Analytics and provides a nice 30 day summary straight from your WordPress dashboard. To cover shop analytics though you’ll need the eCommerce add on which is a premium upgrade add on.
We’ve found an alternative plugin that doesn’t require premium upgrades. It covers e-commerce shops and is called Enhanced E-commerce Google Analytics Plugin for WooCommerce which fulfils our needs. This will ensure that the data is successfully tracked both for general website and e-commerce statistics as well.
Have a default theme available
This error requires that you have a default WordPress theme installed. Strangely enough – we’ve found that having a recent version such as 2020, 2021 didn’t resolve the issue. We had to install the 2013 version for this error to be resolved (a lot of trial and error!). This is a known issue and will likely be fixed in a soon to come update. So that a more recent version of the WordPress theme can be used.
We understand the logic of having a fallback theme in case the current theme encounters issues. However we’re not huge fans of having to keep an old version of a WP theme just to fulfil this criteria! If you feel your theme is reliable enough then you could skip this advisory, its completely up to you!
Your version of WordPress [Version No.] is not up to date
This is easily fixed by updating WordPress to the latest version. You may be seeing this error in Site Health, but not the WordPress update notification within your dashboard. Head to Dashboard > Updates and there you can force a check for the latest version of WordPress.
If you can’t see any option to update or check for a new version then you most likely don’t have the correct privileges. Administrator credentials are required to gain access to this area of the dashboard. Alternatively you may have a plugin installed which is overriding the updating capabilities of Plugins/WordPress/Themes.
We strongly recommend not overriding the native updating capabilities of WordPress. These updates will contain speed/performance and security fixes and patches which are crucial. The longer your site remains out of date, the more vulnerable it becomes.
PHP default timezone is not valid
If you see this error, this likely means that something has become misconfigured along the line. There is also a possibility that a plugin may be overriding the default timezone which could be causing the error. For example on one occasion we’ve found that a misconfigured events plugin was responsible for this.
A fix for this is to try deactivating your plugins one by one to eliminate the possibility that this isn’t the cause of the issue. If this didn’t help to resolve it, then you’ll need to speak to your hosting provider and raise a support ticket with them.
An active PHP session was detected
We’ve personally found that the main cause of this error was a misconfigured plugin. Similar to the above fix, try deactivating your plugins one by one and check the Site Health to see if the error message has been cleared. If it has – great! Delete the unnecessary plugin and switch to an alternative one if needed. If this error hasn’t been fixed, then again you’ll need to speak to your hosting provider regarding this – as the issue could be caused by an error in your code or a misconfigured set-up.
Outdated SQL server
To resolve this error – you’ll need to speak to your Hosting provider. Your host should be providing the latest stable version of SQL. If they don’t – or for whatever reason, they can’t, we would strongly advise that you change hosing provider. This is a very standard expectation of a hosting company.
UTF8MB4 is not supported
UTF8MB4 is the standard encoding for WordPress. If you’re seeing this error, then your site is likely very out of date – and therefore using the old encoding. The best way to fix this error is to navigate to Dashboard > Update and ensure that WordPress is updated to the latest version. Don’t forget to check that no ‘update blocking’ plugins are running which may prevent this.
Your site cannot communicate securely with other services
There are several known issues that can flag up this error. It could be a DNS misconfiguration, or a plugin such as Jetpack which has caused this issue to occur. If you don’t have Jetpack installed, we’d recommend speaking to your hosting provider to fix this. It is likely a server level issue which cannot be remedied straight from the WordPress dashboard.
HTTP requests are not working as expected
This issue is often caused by a misconfigured plugin or theme. To fix, try deactivating your plugins one by one and keep checking the Site Health page to check if the issue has cleared. Once the problematic plugin/theme has been isolated – deactivate/delete this to address the issue. You may need to find a replacement plugin or theme to keep the functionality of your site.
Your site is set to output debug information
When there is an issue on a WordPress website, it’s useful to enable a debug option in WordPress, via the wp-config.php file. In doing so this can reveal potentially sensitive data about the website.
If you’re showing debug information we would advise you to hide this immediately. This can be done by navigating to your wp-config file in your file manager (this is located in your site root). Once you’ve found the file – look for the following line:
define( ‘WP_DEBUG’, true );
You’ll then need to change this statement to false, see below:
define( ‘WP_DEBUG’, false );
Once you’ve saved the wp-config.php file the error should now be fixed!
A scheduled event has failed
Scheduled events and actions are handled by the WordPress CRON. This error can be caused by a wide range of factors. Strangely we’ve found that this error will disappear when returning at a later date, resolving itself.
If however this issue does persist and is in relation to a specific plugin, then (providing the plugin is on the latest version) it might be worth switching to an alternative plugin. If the error is in relation to the WordPress core – then you’ll need to speak to your hosting provider to fix this for you.
The REST API is not available
REST API is a service that allows WordPress to communicate with various applications. One of the likely causes for this is a misconfigured .htaccess file. This file can be found in your file manager in the site root. However, you’ll need to ensure that you have the option show hidden files enabled. Once this option is toggled, you’ll now be able to view and edit the .htaccess file.
WordPress has a clear structure in place for how the .htaccess file should be laid out. You should have the following information:
[sourcecode language=”plain”]
# BEGIN WordPress
RewriteEngine On
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
[/sourcecode]
If you have an optimisation plugin installed or have enabled a theme based compression feature – you may see additional code after the end statement. We’d suggest leaving this untouched and only modify the code within the # BEGIN / # END statement. If you do not feel comfortable in modifying the code yourself, you’ll need to speak to a web developer or alternatively ask your host to assist you.
Cannot communicate with WordPress.org
This is essential for ensuring your WordPress website and plugins are fully up to date. If this issue persists (sometimes it’s only a temporary error which can happen from time to time due to minor outages or temporary downtime) then you’ll need to speak to your host as the error is often caused by a DNS misconfiguration.
Background updates are not working
This error is often caused by a plugin that is restricting the updating of plugin and themes. If you’ve checked your plugin list and cannot see any update restricting plugin, then you’ll need to speak to your hosting provider and get them to look into this for you, as this can potentially be a server side issue.
Your site cannot perform loopback requests
Loopback requests are an essential part of WordPress’ ability to perform various tasks such as plugin or theme updates. These keep your site running at it’s optimum capability. If you do see this error in your WordPress Site Health panel you’ll need to speak to your hosting provider to fix this as this is typically a server side issue.
Your site does not use HTTPS
Having a secure website in this day and age is crucial. Not only for the protection and security of your data, but also for lesser known SEO benefit as well. More information on this can be found in a previous Blog post – What is SSL Security?.
If you’re not using a secure connection you’ll need to get yourself an SSL certificate. This is done in two steps:
Firstly, you’ll need to purchase an SSL Certificate. This is normally done through your host who will provide you with multiple options based on your website size, structure and complexity. Once you’ve purchased your SSL Certificate and have had this applied to your domain (again your host should help you with this) you’ll be ready for the second part.
Secondly, you’ll need to ensure that your links are all secure, and using the https:// version not http://. This can be done by installing the Really Simple SSL Plugin and enabling the options and features as instructed on install. Once the settings have been enabled, the error should no longer display.
There we have it – WordPress Site Health Check Complete!
Thats most of what you need to know to ensure your WordPress Site Health is in tip-top shape.
Several of the outlined recommendations will indicate that you need to speak to your host to implement a fix. If for whatever reason they’re unable to do so, then get in touch with us and we’ll see how we can help. Once we’ve assessed your situation, we’ll be able to provide a no-obligation quote/timescale to implement fixes to improve your WordPress Site Health. Server side access (such as cPanel login) and Administrator WordPress login credentials are required for us to investigate this.
If you have any general questions or queries regarding the WordPress Site Health or anything else WordPress related then please don’t hesitate to get in touch – we’re always more than happy to chat!