Testing connectivity to Websites

My first step here would be to compare the behaviour of those problematic sites to the behaviour of other sites at the time when the issue with the problematic ones exists. This should tell you quite quickly whether it is a WiFi capacity problem (too many users generating traffic at the same time) or another one. For this step, you even don't need to switch Wireshark on.

If those problematic sites account for vast majority of the traffic of the clients of the WiFi, as is e.g. often the case with companies using cloud applications, the issue may be also that there is a NAT between the WiFi clients and the internet, and it runs out of available TCP ports as too many clients are using too many short-lived TCP sessions per unit of time. After closing a session to a given server, the TCP port used for that session at client side is usually unusable for a new session for the next two minutes.

If none of the two cases above seems likely to you, and also to verify whether the second one actually happens, run one Wireshark capture at one of the client PCs and, simultaneously, another Wireshark capture at the AP's wired interface looking towards the internet (using a tap, a hub, a monitoring port of a switch) or, if your infrastructure is more complex than a single AP which gets a public IP address from an ISP, at more points along the path between the client and the ISP-facing interface of your gateway router. Then you should be able to align the two (or more) traces and see whether all what gets to the AP from one side gets successfully to the other one (client -> internet and internet -> client), and if not, which box doesn't let the packets through.