WordPress – Debug Mode

Description

During the scan, Kayran has detected that you’ve left Debug Mode enabled.

If Debug Mode is enabled on your WordPress site, all PHP notices, errors and warnings are being saved in a login file named “./wp-content/debug.log”.
This file is readable for anyone.
An attacker can use the debugging information found in this file to initiate further, more advanced attacks against your assets.

Recommendation

Make sure the WordPress Debug Mode is disabled in production, or, restrict access to the
“./wp-content/debug.log” file.
To disable the Debug Mode use the following command :
define(‘WP_DEBUG’, false);

References

https://wordpress.org/support/article/debugging-in-wordpress/

< Return to all Vulnerabilities

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »