An open API service indexing awesome lists of open source software.

https://github.com/getpagespeed/wp-error-reporting-patch

Wordpress Error Reporting Patch
https://github.com/getpagespeed/wp-error-reporting-patch

php security wordpress wordpress-plugin

Last synced: 2 months ago
JSON representation

Wordpress Error Reporting Patch

Awesome Lists containing this project

README

          

# Wordpress Error Reporting Patch

This plugin automatically patches `wp-load.php` and disables known Wordpress core calls to `error_reporting()`.

## Some background

PHP versions >= 7.0 have [changed their internal design](https://bugs.php.net/bug.php?id=71340) to allow (for hackers benefit), to adjust error reporting level while overridding whatever level was set by system admin.

Ability to call `error_reporting(0)`, allows hackers to [stay undetected easily while exploiting your server](https://www.getpagespeed.com/server-setup/security/php-security-disable-error_reporting-now).

For production websites, disallowing the `error_reporting` function *altogether* is the best security measure you can take about it.

You should obviously disable `error_reporting` function in your `php.ini`. But once you do, you will find quite a few warnings in your logs:

> error_reporting() has been disabled for security reasons in wp-load.php on line 24

> error_reporting() has been disabled for security reasons in load.php on line 333

This complementary plugin will make sure that Wordpress will not try to call `error_reporting()`, thus eliminating those unnecessary warnings.

So the plugin:

* keeps your logs cleaner
* makes your Wordpress run a few less lines of unnecessary code

## Install

Just download the .zip and place the extracted directory over to `wp-content/plugins`. Or install via [WP-CLI](https://www.getpagespeed.com/web-apps/wordpress/wp-cli):

wp plugin install https://github.com/GetPageSpeed/wp-error-reporting-patch/archive/master.zip --activate