Hide debug.log file in WordPress
Enabling logging is an excellent way to debug WordPress code when something doesn’t behave as it should in our website. There’re two options to show us the log, thou. One is by presenting warnings and errors directly in the pages and the other is saving it to a file situated in
wp-content directory, called
To enable logging you should add the following code to your
define('WP_DEBUG', true); define('WP_DEBUG_LOG', true); define('WP_DEBUG_DISPLAY', false);
The first line enables logging, next line activates
debug.log file usage, and finally the third option specifies that these warnings won’t be shown on your site.
The problem is that, by default, this file is publicly accessible through http://mydomain.com/wp-content/debug.log what suppose a security risk.
But there’s a very simple way to avoid this access (if you’re using Apache webserver). You just need to create or edit your
.htaccess file and add this code:
# Block debug.log access <Files "debug.log"> Order Allow,Deny Deny from all </Files>