The internal server error may be caused by permission error, malicious traffic that exhaust resources and have a shortage of memory on a site or cron job that run on the site and execute time to time or database activities. Or several other reasons, these are common. 

Permission can be solved by checking and changing the permission to a correct permission. Note that a wrong permission could compromised security on a site. Be caution to avoid 777 permission. 

Malicious traffic can be solved differently depending on users understanding, you can trace malicious activities ips and black-list on firewall to block access to malicious users. You can also integrate a reCAPTCHA on the login and posting pages to minimize malicious activities and several other ways. 

You may have brute force attack as well and this is the worst, as the attackers uses thousand of ips and we offer a possble solution here Global-WordPress-Brute-Force-Attack