ErrorNotes

How to Fix the 'Headers Already Sent' Error in WordPress

intermediate📝 WordPress2026-04-27| WordPress (any version), PHP 7.4 - 8.3+, Nginx/Apache on Linux or Windows.

Error Message

Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-config.php:1)
#wordpress#php#troubleshooting#wp-config

What This Error Actually Means

The "headers already sent" warning is a classic PHP headache. Think of an HTTP response like a physical letter. The headers are the envelope, and the HTML is the letter inside. PHP must finish writing the envelope before it puts the letter in. If your server sends even a single character of content—a space, a line break, or a stray byte—it "seals" the envelope. When WordPress later tries to add a cookie or a redirect (both are headers), it fails because the envelope is already gone.

The error message is your roadmap. It tells you exactly where the "leak" started:

Warning: Cannot modify header information - headers already sent by (output started at /path/to/wp-config.php:1)

In this example, the problem is on line 1 of wp-config.php. Usually, this means an invisible character is sitting right at the start of the file.

Step 1: Hunting for Leading Whitespace

The most common trigger is a simple space or a blank line before the opening <?php tag. Even one 0x20 space character is enough to break your site.

  • Access your server files using SFTP (like FileZilla) or your hosting File Manager.
  • Download the file mentioned in the error (usually wp-config.php or functions.php).
  • Open it in a code editor. Ensure the <?php tag is the absolute first thing in the file. No spaces. No empty lines.

The Wrong Way:

 [space or empty line here]
<?php
define('DB_NAME', 'database_name');

The Right Way:

<?php
define('DB_NAME', 'database_name');

Step 2: Stripping the UTF-8 BOM

If line 1 looks clean but the error persists, you likely have a Byte Order Mark (BOM). This is a hidden set of characters (EF BB BF) that editors like Windows Notepad often sneak into the beginning of a file. PHP sees these invisible bytes as output.

Don't use Notepad. Instead, use a professional editor like VS Code or Notepad++:

  • In VS Code: Check the bottom right status bar. If it says "UTF-8 with BOM," click it. Select "Save with Encoding" and choose "UTF-8".
  • In Notepad++: Open the Encoding menu. Select "UTF-8 (No BOM)" and save.

Step 3: Kill the Closing PHP Tag

In PHP-only files like functions.php, the closing ?> tag is optional. In fact, it is safer to remove it entirely. If you have a closing tag and accidentally hit the "Enter" key after it, that trailing newline counts as output and triggers the error.

Scroll to the bottom of the file. If you see ?>, delete it. Modern WordPress standards (and PSR-12 coding guidelines) recommend leaving it off to prevent this exact issue.

Step 4: Isolating Plugin and Theme Conflicts

Sometimes the error points to a file deep inside wp-content/plugins/. This happens when a plugin tries to echo data or has its own whitespace issues.

  • If the error points to /plugins/contact-form-7/functions.php:45, deactivate that specific plugin.
  • If the error points to your theme, switch to a default theme like Twenty Twenty-Four.
  • Check the file for echo, print, or raw HTML appearing outside of a function. These should almost always be hooked into init or wp_head instead of running globally.

Step 5: The "Band-Aid" Fix (Output Buffering)

Need your site back online while you investigate? You can force PHP to wait before sending content. This is called Output Buffering. It tells the server to hold everything in a temporary buffer until the page is ready.

Add this line to the very top of your wp-config.php, immediately after the opening <?php:

ob_start();

Warning: This doesn't fix the root problem; it just hides the symptom. It can also slightly increase memory usage, so use it as a temporary measure only.

How to Verify the Fix

After saving your changes, don't just refresh the homepage. Follow these steps:

  • Open your site in an Incognito/Private window to bypass local cookies.
  • Try to log in to /wp-admin. The login process relies heavily on headers; if it works, you've won.
  • Check your server's error_log file. If no new "headers already sent" entries appear in the last 60 seconds, the issue is resolved.

Prevention Checklist

  • Ditch Notepad: Use VS Code, Sublime Text, or PHPStorm.
  • No Closing Tags: Never use ?> at the end of PHP files.
  • Check Your Hooks: Never use echo before the get_header() function in your templates.
  • Watch Your Logs: Keep WP_DEBUG enabled on your staging site to catch these errors before they hit production.

Related Error Notes

Fixing the 'Another Update is Currently in Progress' Error in WordPress

Another update is currently in progress.

Fix WordPress Error: Table 'wp_options' is marked as crashed and should be repaired

Table 'wp_options' is marked as crashed and should be repaired

Fix 'Cookie nonce is invalid' (rest_cookie_invalid_nonce) in WordPress REST API

{ "code": "rest_cookie_invalid_nonce", "message": "Cookie nonce is invalid", "data": { "status": 403 } }