Fresh WordPress install Showing WSOD (White Screen of Death)

Posted January 22, 2020 1.6k views

I am running Debian Buster with Nginx, PHP 7.3 and the latest WP v. 5.3.2.

Everything works as it should in my local test env. When I push things to my DO droplet it gets wonky. My site works in full – and I can login to my WP admin and make some changes to certain things (select a new theme, change the name of the site).

But many or most functions do not work, do not load, and just hang on a white page that never renders (the WSOD). Trying to create a new page, or load anything in Gutenberg, or even to do a health check – all of these things just hang and never render or complete loading.

I have a feeling it’s something to do with how php is or is not configured.

My nginx php block looks like this.

  # PHP
  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    include fastcgi_params;

Any help or pointers would be appreciated. I enabled the debug setting in wp-config but don’t know where this should be showing up. And further when I tail what I think should be my php log in /var/log/ I can’t see anything being written.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

*** SOLVED ***

I discovered (belatedly) that the pages were actually loading, just unable to render. Found Content-Security-Policy errors and traced it back to this line in my nginx config for this site.

add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

Removing this line fixes everything.

I would love to know if this should just be eliminated completely or if it should be modified to accommodate WP in a way that is still more secure. 🙏.

FWIW this was part of a larger block of security policies I originally setup here using this tool hosted by DO.

I didn’t plan on hosting a WP site at the time, but it seems like the security policy for content headers you would have generated is exactly the same even when you do ✅ WordPress.

Something to be aware of if things are mostly working but failing to render in the last mile!

Also, check your browsers dev tools. 🙄 By making an early assumption about where the errors would be (php or nginx logs) I missed early and obvious clues that would eventually point me in the right direction within a matter of seconds.

And I have double-checked all permissions on files are as they should be. I even did this when WP couldn’t write the wp-config…and it still couldn’t write it. Very strange.

I included the wrong block – this is the one I wanted to include. I have it a few lines up from the PHP block disclosed above.

  location / {
   # try_files $uri $uri/ =404;
    try_files $uri $uri/ /index.php?$args;

Some other clues…

  • The wp-config could not be written by WP, I had to edit it manually.

  • “WordPress Events and News” widget doesn’t load, thinks the network is down

  • Site health similarly hangs, never starts or completes.

  • All previously mentioned functions with Gutenberg, editing or creating a new page fail in a similar way.

And yet the site works! PHP is working.