WordPress.org

Make WordPress Core

#48961 closed defect (bug) (duplicate)

Site Health WP_DEBUG_LOG critical issue

Reported by: kubiq Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.2
Component: Site Health Keywords:
Focuses: Cc:

Description

There is a notice in Site Health "Your site is set to log errors to a potentially public file.", but we should check it with CURL if that file is really public.

In all my WP installations I have enabled WP_DEBUG_LOG and I placed there also .htaccess file with this content:

RemoveHandler .log
RemoveType .log

<Files *.log>
	order deny,allow
	deny from all
</Files>

So debug.log is definitely not public, it can be accessed only by FTP, but there is still this "critical issue" and some clients are worried about it.

Workaround should be like firstly write something to that log, so we make sure, file exists:

<?php error_log('Testing debug.log'); ?>

Then just use one of PHP functions to return response headers, like file_get_contents or CURL or others... and check if the response code is 200

Change History (1)

#1 @Clorith
10 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version set to 5.2

Hiya, and welcome to WordPress trac.

There is already a ticket relating to the DEBUG_LOG warning, #47985, and that is where we should consolidate discussions about it so that we don't miss any information.

Note: See TracTickets for help on using tickets.