Site is set to log errors to a potentially public file

  • Resolved WanderingOn

    (@wanderingon)


    4 years, 4 months ago

    Hi,

    Under Tools > Site Health, the following issues was reported for my website:

    Your site is set to log errors to a potentially public file.

    Debug mode is often enabled to gather more details about an error or site failure, but may contain sensitive information which should not be available on a publicly available website.

    The value, FILE_NAME, has been added to this website’s configuration file. This means any errors on the site will be written to a file which is potentially available to all users.

    Wordfence has not identified this issue or reported anything similar that I can see. Why did Worfence not catch this? And, do I need to take any action here?

    Thanks and I look forward to hearing from you.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @wanderingon and thanks for reaching out to us!

    It looks like health check is seeing this in the wp-config file of the site and alerting you that the debug.log file is set for anyone to be able to browse to it.

    define(‘WP_DEBUG’, true);
define(‘WP_DEBUG_LOG’, true);
define(‘WP_DEBUG_DISPLAY’, false);

    It isn’t really visible on your site because I checked. This likely means that code has been added to the .htaccess file to keep it from being displayed or the debug.log file was blocked in your control panel settings. At any rate, since it can’t be seen there is no reason we’d warn about it. The scan option to see these is “Scan for publicly accessible configuration, backup, or log files” on the Scan > Scan Options and Scheduling page and you should check to see if it is enabled, but again if the file can’t actually be seen publicly we wouldn’t alert for it.

    Let me know if you have any other questions!

    Thanks for your support!

    Thread Starter WanderingOn

    (@wanderingon)

    Hi @wfadam ,

    Thanks for the quick reply and for explaining the cause of this error.

    Is there anything I can do to ensure that this error does not show in the Site Health check?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site is set to log errors to a potentially public file’ is closed to new replies.