Posts Tagged ‘display_errors’

WordPress Security: Silence is golden. Part 2.

Sunday, September 6th, 2009

display_errors OFF

display_errors OFF


Some shared hosting providers don’t turn off php error showing by default. If you don’t change this default PHP configuration settings too, your blog has vulnerability issue or even security problem. Why I talk about security problem? Be cause of this can lead to exposure of the absolute path to your WordPress blog installation. Let’s check together. Put this little script into your blog root folder, for example name it phpinfo.php:

<?php
phpinfo();
?>

Call it from the browser as http://yourBlogURL/phpinfo.php
You will see standard ‘PHP Info’ page with values of different PHP configuration parameters. Check display_errors parameter value under ‘PHP Core section’ now.

Read the rest of this entry