8 changes: 4 additions & 4 deletions src/wp-admin/setup-config.php
Expand Up @@ -301,12 +301,12 @@ function setup_config_display_header( $body_classes = array() ) {
$tryagain_link = '</p><p class="step"><a href="' . $step_1 . '" onclick="javascript:history.go(-1);return false;" class="button button-large">' . __( 'Try Again' ) . '</a>';

if ( empty( $prefix ) ) {
wp_die( __( '<strong>Error:</strong> "Table Prefix" must not be empty.' ) . $tryagain_link );
wp_die( __( '<strong>Error:</strong> "Table Prefix" must not be empty.' ) . $tryagain_link, 400 );
}

// Validate $prefix: it can only contain letters, numbers and underscores.
if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) {
wp_die( __( '<strong>Error:</strong> "Table Prefix" can only contain numbers, letters, and underscores.' ) . $tryagain_link );
wp_die( __( '<strong>Error:</strong> "Table Prefix" can only contain numbers, letters, and underscores.' ) . $tryagain_link, 400 );
}

// Test the DB connection.
Expand All @@ -331,7 +331,7 @@ function setup_config_display_header( $body_classes = array() ) {
$wpdb->db_connect();

if ( ! empty( $wpdb->error ) ) {
wp_die( $wpdb->error->get_error_message() . $tryagain_link );
wp_die( $wpdb->error->get_error_message() . $tryagain_link, 500 );
}

$errors = $wpdb->suppress_errors();
Expand All @@ -340,7 +340,7 @@ function setup_config_display_header( $body_classes = array() ) {

if ( ! $wpdb->last_error ) {
// MySQL was able to parse the prefix as a value, which we don't want. Bail.
wp_die( __( '<strong>Error:</strong> "Table Prefix" is invalid.' ) );
wp_die( __( '<strong>Error:</strong> "Table Prefix" is invalid.' ), 400 );
}

// Generate keys and salts using secure CSPRNG; fallback to API if enabled; further fallback to original wp_generate_password().
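Review bot: The `500` on the connection-failure branch, `wp_die( $wpdb->error->get_error_message() . $tryagain_link, 500 );`, labels as a server fault an error that at this step is presumably triggered by the database details the visitor just submitted, while the prefix checks around it return 400. If 500 is intended because bad input cannot be told apart from a real database outage at this point, a comment such as `// 500: cannot tell bad credentials from an unreachable server here.` would record that. Otherwise a 4xx code keeps 5xx-based alerting from firing on mistyped input. The enclosing code starts and ends outside the hunk.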
12 changes: 6 additions & 6 deletions src/wp-admin/update-core.php
Expand Up @@ -20,7 +20,7 @@
}

if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_languages' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

/**
Expand Down Expand Up @@ -1152,7 +1152,7 @@ function do_undismiss_core_update() {
} elseif ( 'do-core-upgrade' === $action || 'do-core-reinstall' === $action ) {

if ( ! current_user_can( 'update_core' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

check_admin_referer( 'upgrade-core' );
Expand Down Expand Up @@ -1188,7 +1188,7 @@ function do_undismiss_core_update() {
} elseif ( 'do-plugin-upgrade' === $action ) {

if ( ! current_user_can( 'update_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

check_admin_referer( 'upgrade-core' );
Expand Down Expand Up @@ -1229,7 +1229,7 @@ function do_undismiss_core_update() {
} elseif ( 'do-theme-upgrade' === $action ) {

if ( ! current_user_can( 'update_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

check_admin_referer( 'upgrade-core' );
Expand Down Expand Up @@ -1270,7 +1270,7 @@ function do_undismiss_core_update() {
} elseif ( 'do-translation-upgrade' === $action ) {

if ( ! current_user_can( 'update_languages' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

check_admin_referer( 'upgrade-translations' );
Expand Down Expand Up @@ -1299,7 +1299,7 @@ function do_undismiss_core_update() {
} elseif ( 'core-major-auto-updates-settings' === $action ) {

if ( ! current_user_can( 'update_core' ) ) {
wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update this site.' ), 403 );
}

$redirect_url = self_admin_url( 'update-core.php' );
30 changes: 15 additions & 15 deletions src/wp-admin/update.php
Expand Up @@ -26,7 +26,7 @@

if ( 'update-selected' === $action ) {
if ( ! current_user_can( 'update_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ), 403 );
}

check_admin_referer( 'bulk-update-plugins' );
Expand Down Expand Up @@ -54,7 +54,7 @@

} elseif ( 'upgrade-plugin' === $action ) {
if ( ! current_user_can( 'update_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ), 403 );
}

check_admin_referer( 'upgrade-plugin_' . $plugin );
Expand All @@ -77,7 +77,7 @@

} elseif ( 'activate-plugin' === $action ) {
if ( ! current_user_can( 'update_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ), 403 );
}

check_admin_referer( 'activate-plugin_' . $plugin );
Expand All @@ -104,7 +104,7 @@
} elseif ( 'install-plugin' === $action ) {

if ( ! current_user_can( 'install_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ), 403 );
}

require_once ABSPATH . 'wp-admin/includes/plugin-install.php'; // For plugins_api().
Expand All @@ -121,7 +121,7 @@
);

if ( is_wp_error( $api ) ) {
wp_die( $api );
wp_die( $api, 503 );
}

// Used in the HTML title tag.
Expand Down Expand Up @@ -149,13 +149,13 @@
} elseif ( 'upload-plugin' === $action ) {

if ( ! current_user_can( 'upload_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ), 403 );
}

check_admin_referer( 'plugin-upload' );

if ( isset( $_FILES['pluginzip']['name'] ) && ! str_ends_with( strtolower( $_FILES['pluginzip']['name'] ), '.zip' ) ) {
wp_die( __( 'Only .zip archives may be uploaded.' ) );
wp_die( __( 'Only .zip archives may be uploaded.' ), 415 );
}

$file_upload = new File_Upload_Upgrader( 'pluginzip', 'package' );
Expand Down Expand Up @@ -187,7 +187,7 @@

} elseif ( 'upload-plugin-cancel-overwrite' === $action ) {
if ( ! current_user_can( 'upload_plugins' ) ) {
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ), 403 );
}

check_admin_referer( 'plugin-upload-cancel-overwrite' );
Expand All @@ -208,7 +208,7 @@
} elseif ( 'upgrade-theme' === $action ) {

if ( ! current_user_can( 'update_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ), 403 );
}

check_admin_referer( 'upgrade-theme_' . $theme );
Expand All @@ -231,7 +231,7 @@
require_once ABSPATH . 'wp-admin/admin-footer.php';
} elseif ( 'update-selected-themes' === $action ) {
if ( ! current_user_can( 'update_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ) );
wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ), 403 );
}

check_admin_referer( 'bulk-update-themes' );
Expand Down Expand Up @@ -259,7 +259,7 @@
} elseif ( 'install-theme' === $action ) {

if ( ! current_user_can( 'install_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ), 403 );
}

require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; // For themes_api().
Expand All @@ -277,7 +277,7 @@
); // Save on a bit of bandwidth.

if ( is_wp_error( $api ) ) {
wp_die( $api );
wp_die( $api, 503 );
}

// Used in the HTML title tag.
Expand All @@ -301,13 +301,13 @@
} elseif ( 'upload-theme' === $action ) {

if ( ! current_user_can( 'upload_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ), 403 );
}

check_admin_referer( 'theme-upload' );

if ( isset( $_FILES['themezip']['name'] ) && ! str_ends_with( strtolower( $_FILES['themezip']['name'] ), '.zip' ) ) {
wp_die( __( 'Only .zip archives may be uploaded.' ) );
wp_die( __( 'Only .zip archives may be uploaded.' ), 415 );
}

$file_upload = new File_Upload_Upgrader( 'themezip', 'package' );
Expand Down Expand Up @@ -339,7 +339,7 @@

} elseif ( 'upload-theme-cancel-overwrite' === $action ) {
if ( ! current_user_can( 'upload_themes' ) ) {
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) );
wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ), 403 );
}

check_admin_referer( 'theme-upload-cancel-overwrite' );
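Review bot: The `415` on the two upload branches implies the server rejected the payload's media type, but the condition above it only tests the suffix of the client-supplied `$_FILES['pluginzip']['name']` (and `$_FILES['themezip']['name']` in the theme branch); neither the request's Content-Type nor the file contents are examined in the visible lines. `wp_die( __( 'Only .zip archives may be uploaded.' ), 400 );` describes that check more accurately. A comment such as `// Filename check only; the name is client-supplied, so this is not content validation.` would keep readers from treating it as one. Both branches continue outside their hunks.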