Move Your Damn WordPress Debug Log so It’s Not Accessible via HTTP

move-wordpress-debug-log-5

Every time I need to view a WordPress debug log, I get a little belly-side security loophole cringe. It completely depends on what information you stuff into it that would cause a security issue, but it’s so easy to mitigate this risk entirely—by storing (and writing to) the file outside of your document root. It drives me bat-shit crazy that anyone with a browser can simply navigate to the blatantly accessible file and view its contents.

In writing this post I searched a few high profile WordPress sites and found a few debug logs in the mix. Most of them returned with 404s, but I did find a few. No juicy debug information though, but I only spent like five minutes looking.

Anyways, I digress.

So, for some time now I’ve been implementing on any of my client websites the following solution to move the debug log to a safer, inaccessible location.

In your wp-config.php add the following:

define('WP_DEBUG', true);
if ( WP_DEBUG ) {

	// turn off wordpress debug (otherwise it will override)
	define( 'WP_DEBUG_LOG', false );

	// specify new safe path
	$path = realpath( $_SERVER["DOCUMENT_ROOT"] . '/..' ) . '/wp-logs/debug.log';
	    
	// enable php error log
	@ini_set( 'log_errors', 'On' ); // enable or disable php error logging (use 'On' or 'Off')
	@ini_set( 'error_log', $path );

}

A few notes:

  • All of this code assumes you have access to your servers root filesystem. Check with your host if you’re unsure.
  • The code in it’s current form assumes that the folder and file already exist.
  • If nothing is being written to the file after these changes, you may need to adjust the permissions of the folder and file once created.

And for a bonus I use the following awesome function to write to said log file. Compliments of Stu Miller.

if (!function_exists('write_log')) {
    function write_log ( $log )  {
        if ( true === WP_DEBUG ) {
        
			if( is_array( $log ) || is_object( $log ) ) {
				error_log( print_r( $log, true ) );
			} else {
				error_log( $log );
			}
        		
        }
    }
} 
Posted in: Code Samples, Development  |  Tagged with: , ,  |  Leave a comment

Leave a Reply

Most recent work

  • Our Restroom Our Restroom is an (inter)national crowdsourced campaign who’s goal is simple: compel businesses to make their single occupancy restrooms gender neutral. Championed by Kristin Russo, designed by Allison Weiss, built by me on WordPress.
  • How To Win At Feminism The badasses over at Reductress are at it again with their new book How To Win At Feminism.
  • Reductress I crank out on-going web projects for Reductress. Super fun as you can imagine.
  • Everyone Is Gay Everyone Is Gay is an indispensable question and answer resource for the LGBTQ community. Hell, it’s great advice for anyone with a body with an emotion or two. I made the site responsive among other things. Give it a look see.

Need hosting?

  • Media Temple My go to hosting provider. You get rockstar hosting and I make a little cash. No pressure, just clean honest fun.

Past work

  • Christine Chaney Creative The online presence of Seattle artist Christine Chaney. Specializing in architecture, art and apparel.
  • Get Your Shit Together This is a site dedicated to helping you get your shit together before an unexpected tragedy, like the loss of a loved one.
  • IHG Instagram Sweepstakes An awesome Instagram driven sweepstakes site for IHG.
  • Trivial Beersuit A site that provides professional pub trivia to bars and restaurants.
  • Audi YouTube Channel This site was a quick turn-around hair pulling adventure for the Super Bowl: revamping Audi’s YouTube Channel.
  • Teach.org The new Teach.org. Providing tools to help students become teachers.
  • Valhalla DSP A one man Seattle based company, writing pretty sick professional audio plugins. Check ’em out!
  • Microsoft Visual Studio 2012 Launch This sweet new Visual Studio 2012 Launch website sports a mobile first, responsive web design architecture and comes in 14 different languages.
  • Nice Manners Music Nice Manners is an LA based recording studio offering their clients all sorts of digital audio services. This is a demo of an internal genre based music search & player I built for them. I am ecstatic about launching this project—check it out.
  • Holiday Inn Tumblr A quick, fully responsive update to the Holiday Inn Tumblr page.
  • Microsoft's Art of Touch An artful HTML5 Microsoft website. Sadly, this site is no longer live.
  • Microsoft Hardware Healthy Computing Tool A useful little tool to help you find the perfect Microsoft mouse or keyboard.
  • Pella Professional Pella manufactures high quality doors and windows. This is their professional site.
  • Imaging the World A non-profit dedicated to providing ultrasound services in remote areas of the world.
  • Ginny Ruffner: A not so still life A site for a documentary film about Seattle artist Ginny Ruffner.

Blogroll