Publicly viewable error.log file

  • Resolved simkog

    (@simkog)


    3 years, 3 months ago

    Hello,

    I’ve been using your plugin for 1-2 years now. Yesterday I got a notification that the Google Drive backup cannot be done because of some permission error. It has been solved, no worries.

    BUT! I noticed that the plugin saves its log file in a separated error.log within the plugin folder and it’s publicly viewable by anyone who knows the link to it (so anyone who uses this plugin). It can contain sensitive information about the server my website is hosted. It is a bad habit to allow access to a log file.

    Could you use the default WordPress error.log file for errors? Or at least, disallow public access to this folder and its files:
    /wp-content/plugins/all-in-one-wp-migration/storage/

Viewing 1 replies (of 1 total)
  • Plugin Author Yani

    (@yaniiliev)

    You can change your web server configuration by disallowing direct access to .log files. It will not break the plugin.

    The file logs errors and exceptions that happen during migration. It is what we use to help with failed migration. It should not be logging any sensitive data.
    What type of sensitive data do you see?

    The default WordPress debug file is stored in wp-content and is also accessible.

Viewing 1 replies (of 1 total)
  • The topic ‘Publicly viewable error.log file’ is closed to new replies.