WordPress – Debug Mode

Description

During the scan, Kayran has detected that you’ve left Debug Mode enabled.

If Debug Mode is enabled on your WordPress site, all PHP notices, errors and warnings are being saved in a login file named “./wp-content/debug.log”.
This file is readable for anyone.
An attacker can use the debugging information found in this file to initiate further, more advanced attacks against your assets.

Recommendation

Make sure the WordPress Debug Mode is disabled in production, or, restrict access to the
“./wp-content/debug.log” file.
To disable the Debug Mode use the following command :
define(‘WP_DEBUG’, false);

References

https://wordpress.org/support/article/debugging-in-wordpress/

< Return to all Vulnerabilities

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Read More »