Imagine for a moment that you’re searching for a topic.
You find what you’re looking for on the first page of Google’s search results and click through to the website. But instead of the expected web page, you find yourself staring down the barrel of a 503: Service Unavailable error message.
You’re going to immediately click back and navigate to the next result, right?
More often than not, a visitor confronted with a 503 status code will immediately return to the search results and go somewhere else. 503 errors can lead to confusion and frustration for users — and may have a long-lasting impact on your traffic.
To make matters more complicated, there are a wide range of different problems that can lead to 503 errors on your website.
There’s no 100% quick and easy fix to resolve 503 errors on your site. Errors happen due to plugin conflicts, unexpected maintenance, and connection floods that take the server down. It will take a bit of digging to find out the source.
In today’s post, we’ll be exploring the ins and outs of 503 errors to uncover what they mean for your site and traffic. We’ll also explore what causes them and how to fix 503s on your website.
- What is HTTP error 503?
- How to fix a 503 Service Unavailable error
- Malware & 503 errors
- DDoS & 503 errors
- Do 503 errors impact SEO?
What is an HTTP 503 error?
The Internet Engineering Task Force defines the 503 Service Unavailable error as follows:
The 503 (Service Unavailable) status code indicates that the server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay. The server MAY send a Retry-After header field to suggest an appropriate amount of time for the client to wait before retrying the request.
In simple terms, an HTTP 503 error indicates your site can’t be reached because your server isn’t available. This response code can occur if your website is too busy or under maintenance. You may also receive a 503 if your site is experiencing a DDoS attack or something else that requires further investigation.
The most frustrating thing about a 503 error code is that very little information is given to you to work with. Even though 503 errors help you identify a problem with server availability, they won’t tell you the reason for it happening. Most times, you’ll just find a “Service temporarily unavailable” message.
Status Codes: 503 Error
503 error codes come in different shapes and sizes, but they mean the same thing. Here are a few different variations you might encounter in your browser.
- 503 Service Unavailable
- http/1.1 Service Unavailable
- HTTP Server Error 503
- 503 Error
- HTTP 503
- HTTP Error 503
Now that we’re familiar with some of the different naming conventions for 503 errors, let’s take a look at how to fix them.
How to fix a 503: Service Unavailable error
Since you won’t always know what has caused the 503 error, we’re going to need to do some methodical troubleshooting to pinpoint the root cause.
Here are eight steps to help resolve a 503 error on your website. Remember to refresh your web page before and after trying any of these steps.
1 – Check to see if your server is going through maintenance.
Almost all web servers shut down when they’re going through maintenance. To rule out the possibility of 503 errors due to maintenance, check your server’s configuration options to see when automatic maintenance sessions are scheduled. If any updates need to be applied to your site, we recommend that you schedule them when your site’s traffic is lowest so that your visitors don’t encounter these errors.
2 – Look through your server and application logs.
Server logs give you information about the hardware that is running your server and also reveal details about its status and health. And application logs recount your website’s full history. These important logs also allow you to see the web pages requested by visitors, and the servers they are connected to. You’ll want to review all of your logs files to identify any suspicious details that may be lurking server-side.
3 – Review code for bugs and recent file modifications.
If there’s an error in your website’s plugins, or theme files, your web server might not be able to correctly answer or respond to requests. In fact, plugin conflicts and misconfigured web applications are a known cause of 503 errors. So you’ll want to examine your website code for any recent changes or bugs that may be causing the problem on your site. If you have file integrity monitoring in place or are able to review recent changes and modifications to your website, you may be able to pinpoint the situation and root cause of the issue and revert back to a last known good configuration.
4 – Enable WP_DEBUG in WordPress.
WordPress websites come bundled with a debug tool that makes it easy to see root causes for website errors – a feature known as WP_DEBUG. Try securely activating debugging on WordPress then review your logs to troubleshoot and pinpoint the cause of the error.
If you see 503 errors in WordPress, this feature can save a lot of troubleshooting cycles. The results of debug mode will be found in your debug.log file.
5 – Increase your server resources.
A 503 error is often a sign that your website is under temporary overload. Contact your web host to discuss the 503 error and let them know which steps you’ve already tried. If recurring HTTP 503 errors are regularly caused by traffic spikes, it is advisable to increase your web server resources investment. Try upgrading your hosting plan to see if that resolves the issue.
6 – Try a server reboot.
Sometimes, congestion builds up in the server chain hosting your website. One of the quickest methods to troubleshoot a 503 error is to refresh your server and restart your web browser. If your website happens to be hosted on a number of servers, please ensure you restart all of them to get them up and running again.
7 – Use a web application firewall.
A server overload can be caused by a DDoS attack which floods your server’s resources and takes your website offline, resulting in a 503 error. Set up a website firewall to help block fake traffic and malicious bots, mitigating the effects of a DDoS attack in the process.
WAFs and CDNs often serve used digital resources from its own cache relieving load on the hosting server, either due to a DDoS attack or a general lack of server resources such as processor and memory.
Refer to our post on how to know if you’re under DDoS attack for more details on troubleshooting this step, or check out this video below on how to identify and stop DDoS.
8 – Scan for malware.
In some cases, SEO spam, infected plugins or themes, or even cryptomining malware can cause 503 errors on your website. You’ll want to perform an extensive scan of your website’s files and server to rule out a compromise or infection causing the error.
Remember: If your site is undergoing scheduled maintenance, a 503 Service Unavailable status is precisely what you want on your website until maintenance is done. But if left untreated long-term, it can have harmful effects on SEO.
Most importantly, you’ll want to fix site errors as soon as they’re detected. If visitors find an error when they navigate to your web page, they’ll be less likely to return to your site in the future.
Pro tip: Set up website monitoring to be notified of future issues, server errors, and other indicators of compromise on your web pages.
How does malware cause 503 server errors?
Any malware that overloads the server can lead to 503 errors. For example, cryptominer malware is designed to abuse the resources and often results in maxed out CPU. As resources are hogged to mine crypto currency instead of keeping your website online, visitors will be unable to establish a connection with the server. This leads to 503 errors on your site.
SEO spam is another example of malware that can result in HTTP 503 errors. Many spam infections create thousands of spammy URLs on the victim website, marketing things like pharmaceuticals, essay writing services, and other spam content.
These URLs get indexed by search engines like Google and become lodged within search results. Even after the SEO spam infection is removed, search engines will continue to attempt to index the spam pages. Since the malicious spam pages may number in the tens (or even sometimes hundreds) of thousands, it can cause the website to go completely offline.
Eventually the spam URLs will disappear, but it typically takes a few weeks (sometimes longer) before that occurs.
How does DDoS result in 503: Service Unavailable errors?
An HTTP 503 error is a sign that your origin web server has been temporarily overloaded. And since DDoS attacks overwhelm and disrupt normal operations and website functionality, the most immediate and obvious impact is that your server resources are overwhelmed. Your website may be unavailable as a result, leading to HTTP 503 errors in your browser.
Do 503 errors impact SEO?
A 503: Service Unavailable status is exactly what a webmaster should return when a site is undergoing scheduled maintenance. When Google bot encounters a 503 error, it knows to come back later on to check the page. But if over time search engine bots continue to encounter the error, it will understand that the problem is not temporary and remove the page from its index.
Because they affect the user experience directly, 503 error codes can be harmful to your SEO. Any long-term 503 errors will have a direct impact on your website rankings.
The 503 error can cause a lot of disruption for your website. But with a bit of luck, your 503 error was merely the result of a scheduled maintenance and these instructions were able to help you get quickly back online.
To identify the root cause of a 503 error, follow these troubleshooting steps:
- Check for server maintenance
- Look through server and application logs
- Review code for bugs and file modifications
- Enable WP_DEBUG to troubleshoot
- Increase server resources
- Reboot your server
- Use a web application firewall
- Scan for malware
If you have detected a DDoS attack or website malware as the culprit and you need a hand tackling the problem, we’re here to help. We can help safely remove malicious code found in your website file system and server, mitigate DDoS attacks, and get your site back online.