[wp-trac] [WordPress Trac] #52652: Check for display_errors in Site Health
WordPress Trac
noreply at wordpress.org
Thu Feb 25 14:43:20 UTC 2021
#52652: Check for display_errors in Site Health
-------------------------+-----------------------------
Reporter: zodiac1978 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Site Health | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
It would be great if we can also check if `display_errors` is enabled on
the server as this is not recommended:
https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-
certain-files
Unfortunately there are many hoster (Siteground, 1and1/Ionos,
Domainfactory, all-inkl.com, ...) with this setting enabled as default.
There are snippets flying around to add this to the .htaccess, but there
are not working in any environment:
{{{
<IfModule mod_php7.c> php_flag display_errors off </IfModule>
}}}
This is because if PHP is not running as a module but as FastCGI/PHP-FPM
you need to use a `.user.ini` file with the content `display_errors = 0`
instead or change this in your hoster settings.
First reported here: https://github.com/WordPress/health-check/issues/370
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52652>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list