WordPress Suppress output error message setting Method _php Tutorial

Source: Internet
Author: User
Web site security detection Scan Blog, found a vulnerability, is actually directly access to the topic path, the Get_header () function is not effective (call to undefined functions get_header ()), And my WordPress will output a complete error message, the directory structure of the sensitive name exposed, although there is no impact on normal access, but will give some people the opportunity. Often in the background of the blog to see many people scan the blog various paths or files, as much as possible to solve the vulnerabilities, will greatly enhance the security of the site. Show me my blog security, 100 points, no loopholes; it's just superficial, but I'll find a solution for one!

Here is a detailed description of the problems and solutions I have encountered, for reference.

Environment: Linux VPS + LNMP

The complete error message is as follows:

Fatal error:call to undefined function get_header () in/website root path/izhangheng/wp-content/themes/twentytwelve/on Line 10

Solution:
If the Web application comes with an error handling/management system, make sure the feature is turned on, otherwise, by language, environment, respectively. If you are a PHP application/apache server, you can suppress error messages by modifying PHP scripts, configuring PHP.ini, and Configuration items in httpd.conf.

1.1. Modify the configuration line in php.ini: display_errors = Off
2.2. Modify the configuration line in httpd.conf/apache2.conf: Php_flag display_errors off
3.3, modify the PHP script, add code line: Ini_set (' display_errors ', false);

For this problem, only do not display the error message is not perfect, error after jumping to the homepage, you can avoid loss of traffic. My environment is turned off by default display error message, only need to be in the vulnerable page source code before calling the WordPress function. First into the appearance of the WordPress backstage, such as editing the index.php home template, the head code to change to the following, note that all symbols in English.

The code is as follows


/**
* @package WordPress
* @code www.45it.net
if (function_exists (' Get_header ')) {
Get_header ();
}else{
Header ("location:http://". $_server[' Http_host '). "");
Exit
};?>

http://www.bkjia.com/PHPjc/372436.html www.bkjia.com true http://www.bkjia.com/PHPjc/372436.html techarticle using Web site security detection Scan Blog, found a vulnerability, is actually directly access to the topic path, the Get_header () function is not effective (call to undefined functions get_header ()), ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.