How to Monitor a WordPress Site: The Complete Setup Guide

WordPress powers over 40% of all websites on the internet. It's incredibly versatile, but that flexibility comes with monitoring challenges: plugin conflicts, database bloat, memory limits, and security vulnerabilities that require constant vigilance.

Why WordPress Sites Need Special Monitoring

WordPress has unique failure modes that generic monitoring might miss:

  1. White Screen of Death (WSOD) — PHP fatal error, site returns blank page (200 OK!)
  2. Plugin conflicts — an update breaks the site, often silently
  3. Database connection errors — "Error establishing a database connection"
  4. Memory exhaustion — PHP memory limit reached
  5. Brute force attacks — /wp-login.php hammered with requests
  6. Stuck cron jobs — wp-cron doesn't run, scheduled tasks pile up
  7. Auto-update failures — WordPress/plugin/theme update breaks the site
  8. Mixed content — HTTP resources on HTTPS pages after migration

Essential Monitoring Setup

1. Uptime Monitoring

Monitor these URLs separately — each can fail independently:

URL What to Check Why
yourdomain.com HTTP 200 + keyword Main site is up
yourdomain.com/wp-admin/ HTTP 200 or 302 Admin panel accessible
yourdomain.com/wp-login.php HTTP 200 Login page works
yourdomain.com/wp-json/wp/v2/posts HTTP 200 + JSON REST API functioning
yourdomain.com/xmlrpc.php HTTP 405 or blocked Should be blocked (security)
yourdomain.com/sitemap.xml HTTP 200 + XML SEO sitemap working
yourdomain.com/feed/ HTTP 200 + XML RSS feed working

2. Keyword Monitoring (Catch the WSOD)

A WordPress site can return HTTP 200 with: - A completely blank page (White Screen of Death) - A PHP error message - A maintenance mode page - A default theme because your theme crashed

Solution: Check for a keyword that should always appear on your page:

URL: https://yourdomain.com
Expected keyword: "Your Site Title" or a unique footer text
Alert if: keyword is missing (even if HTTP 200)

This catches WSOD, theme crashes, and maintenance mode issues that simple HTTP checks miss.

3. Performance Monitoring

WordPress performance degrades gradually. Monitor response time to catch it early:

Common WordPress performance issues:

Symptom Likely Cause Fix
TTFB > 2s Slow database queries Install query caching plugin, optimize DB
TTFB > 3s with spikes Uncached pages Enable page caching (WP Super Cache, W3TC)
Slow on first load, fast after No opcode cache Enable OPcache in PHP
Slow admin panel Too many plugins Audit and remove unused plugins
Slow after plugin update Plugin performance issue Test plugins individually
Gradually slower over months Database bloat Clean post revisions, transients, spam

4. SSL Certificate Monitoring

WordPress sites with expired SSL certificates show browser warnings AND break the admin panel (mixed content errors). Monitor your certificate with alerts at 30, 14, and 7 days before expiry.

Special WordPress SSL considerations: - Check that WordPress URL settings use HTTPS (Settings → General) - Verify no mixed content warnings in browser console - Ensure wp-config.php has define('FORCE_SSL_ADMIN', true);

5. Login Page Security Monitoring

The /wp-login.php page is the most attacked URL on the internet. Monitor for:

  • Response time — sudden increase may indicate brute force attack
  • Availability — if login is down, you can't manage your site
  • Rate limiting — install a plugin like Wordfence or Limit Login Attempts

6. WP-Cron Monitoring

WordPress uses wp-cron for scheduled tasks (publishing scheduled posts, checking for updates, sending emails). Unlike real cron, wp-cron only runs when someone visits the site.

Problems with wp-cron: - Low-traffic sites: cron runs infrequently or never - High-traffic sites: cron runs on every page load, wasting resources - Stuck cron: long-running tasks block subsequent runs

Solution: Disable wp-cron and use a real cron job:

// wp-config.php
define('DISABLE_WP_CRON', true);

# System crontab - run wp-cron every 5 minutes
*/5 * * * * curl -s https://yourdomain.com/wp-cron.php > /dev/null 2>&1

Then add this curl as a heartbeat monitor — if it stops running, you'll know.

WordPress-Specific Health Checks

Database Health

-- Check database size
SELECT table_schema AS 'Database',
       ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS 'Size (MB)'
FROM information_schema.tables
WHERE table_schema = 'wordpress_db';

-- Check for bloated tables
SELECT table_name, table_rows,
       ROUND(data_length / 1024 / 1024, 2) AS 'Data (MB)',
       ROUND(index_length / 1024 / 1024, 2) AS 'Index (MB)'
FROM information_schema.tables
WHERE table_schema = 'wordpress_db'
ORDER BY data_length DESC;

Common bloat culprits: - wp_options with autoloaded transients - wp_postmeta with orphaned meta - wp_comments with spam (even deleted spam leaves residue) - Post revisions (WordPress keeps unlimited by default)

PHP Configuration

Ensure your PHP settings support WordPress:

memory_limit = 256M          (minimum for WooCommerce)
max_execution_time = 300     (for large imports/exports)
upload_max_filesize = 64M    (for media uploads)
post_max_size = 64M          (must be >= upload_max_filesize)
max_input_vars = 3000        (needed for complex admin pages)

Monitoring Checklist for WordPress

Daily (Automated)

  • [ ] Homepage loads with expected content (keyword check)
  • [ ] Admin panel is accessible
  • [ ] SSL certificate is valid
  • [ ] Response time is within normal range
  • [ ] No 5xx errors in the last 24 hours
  • [ ] WP-Cron is running on schedule

Weekly (Manual or Automated)

  • [ ] Review pending plugin/theme/core updates
  • [ ] Check security scan results (Wordfence, Sucuri)
  • [ ] Review error logs for recurring issues
  • [ ] Check database size trend
  • [ ] Verify backups are completing successfully

Monthly

  • [ ] Test backup restoration
  • [ ] Audit installed plugins (remove unused ones)
  • [ ] Check Google Search Console for crawl errors
  • [ ] Review performance trends (is the site getting slower?)
  • [ ] Verify all forms are working (contact, newsletter, checkout)

When Things Go Wrong

White Screen of Death

  1. Check PHP error logs (/var/log/php/error.log)
  2. Enable WordPress debug mode: define('WP_DEBUG', true);
  3. If caused by plugin: rename /wp-content/plugins/ to identify the culprit
  4. If caused by theme: switch to default theme via database or FTP

Database Connection Error

  1. Check if MySQL/MariaDB service is running
  2. Verify credentials in wp-config.php
  3. Check database user permissions
  4. Check if disk is full (database can't write)

Site Hacked

  1. Take the site offline immediately
  2. Scan for malware (Wordfence, Sucuri)
  3. Check for unknown admin users
  4. Review recently modified files
  5. Restore from clean backup
  6. Update all passwords and security keys

Conclusion

WordPress is powerful but requires active monitoring. The combination of PHP, MySQL, plugins, themes, and frequent updates creates many potential failure points. Set up automated monitoring for uptime and performance, monitor SSL and security, and establish a regular maintenance routine. The few minutes you spend on monitoring setup will save hours of emergency troubleshooting.