Recently, while working on a Drupal 9.x website, we encountered the white screen of death (WSOD) on login right after updating the Captcha, Image Captcha, and Spam Master modules. The login page would load, but after submitting credentials, the site only showed a blank white screen.

If you face the same issue, the following steps may help. While this happened in Drupal 9.x, the same troubleshooting steps and tips can also apply to later Drupal versions like D10 and D11 as long as the scenario is similar involving login and spam-related modules.

Steps that helped fix the issue

1. Disable problematic modules via Composer and Drush

   • The real solution was to disable CAPTCHA, Image CAPTCHA, and spammaster using Drush.

   • Example commands:

     composer remove drupal/captcha drupal/image_captcha drupal/spam_master drush pm:uninstall captcha image_captcha spam_master -y

   • Once these were disabled and caches were cleared, the login page worked again.

2. Clear caches

   • After disabling the modules, clear Drupal’s caches to rebuild the registry:

     drush cr

3. Clear flood tables (optional, if applicable)

   • Sometimes, WSOD can be caused by too many failed login attempts or blocked IP sessions.

   • You can clear Drupal’s flood tables via CLI:

     drush sqlq "TRUNCATE flood;"

   • Or via phpMyAdmin by opening the flood table and truncating it manually.

4. Incrementally upgrade core and modules

   • In our case, we eventually upgraded from Drupal 9.1 to a higher 9.x release along with the related modules.

   • Incremental upgrading can prevent version mismatches that sometimes cause login or rendering issues.

Why this happens

Modules that alter or protect the login form can sometimes block access entirely when they:

• Conflict with newer PHP versions

• Depend on outdated libraries

• Are not maintained or compatible with recent Drupal core releases

In this case, disabling Captcha, Image Captcha, and Spam Master immediately resolved the WSOD login problem.

Key lessons learned

• When facing WSOD on login, check recently updated captcha or spam-related modules first.

• Disable them via Composer and Drush rather than manually editing database config rows.

• Clearing flood tables may help if IP-based login blocks are contributing to the issue.

• Incremental core and module updates reduce the risks of sudden incompatibilities.

This issue happened on Drupal 9, but the same fix may apply to Drupal 10, Drupal 11, and future versions whenever login and spam blocking-related modules cause conflicts.

At iBuild.PH, we help businesses keep their Drupal websites secure, updated, and stable. From module troubleshooting to full website upgrades and maintenance, our Drupal specialists can quickly resolve issues like WSOD and prevent them from happening again.

Contact iBuild.PH

Marikina City, Metro Manila, Philippines
Landline: (+63 2) 7625-6994 / (+63 2) 8632-1748
Mobile/Viber/WhatsApp: (+63) 945 217-3344
Email: info@ibuild.ph | CC: admin@ibuild.ph
Website: https://www.ibuild.ph