When I scanned my blog with a website security scanner, it found a vulnerability: if I access the theme path directly, the get_header() function does not take effect (Call to undefined function get_header()), and my WordPress outputs a complete error message, exposing the sensitive directory structure and names. Although this does not affect normal access, it gives some people an opening. Many people go through the various blog paths and files in the blog's admin panel to fix as many vulnerabilities as possible, which greatly enhances website security. I wanted to show off the security of my blog, with 100 points and no vulnerabilities. Although that is only superficial, I still wanted to find a solution!
The following describes in detail the problems and solutions I have encountered for your reference.
Environment: Linux VPS + LNMP
The complete error message is as follows:
Fatal error: Call to undefined function get_header() in /website root path/izhangheng/wp-content/themes/twentytwelve/ on line 10
Solution:
If the web application comes with its own error handling/management system, make sure that feature is enabled. Otherwise, errors are handled by the language and the server environment. For a PHP application or an Apache server, you can disable the display of error information by modifying the PHP script or by changing the configuration items in php.ini or httpd.conf.
1. Modify the configuration line in php.ini: display_errors = off
2. Modify the configuration line in httpd.conf/apache2.conf: php_flag display_errors off
3. Modify the PHP script and add the code line: ini_set('display_errors', false);
Simply hiding the error information is not a perfect solution to this problem. After an error occurs, you can redirect to the homepage to avoid losing traffic. By default, the display of error messages is already disabled in my environment. You only need to check for the WordPress function at the top of the vulnerable page's source code. First, go to Appearance in the WordPress admin panel. For example, edit the index.php homepage template and change the header code to the following. Note that all punctuation must be entered as English (half-width) characters.
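The code is as follows:
<?php ini_set('display_errors', 0); ?>
<?php
/**
 * @package WordPress
 * @code www.111cn.net
 */
if (function_exists('get_header')) {
    // WordPress is loaded: render the theme header as usual.
    get_header();
} else {
    // The template was requested directly: redirect to the homepage.
    // HTTP_HOST is taken from the Host header of the request.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . "");
    exit;
}
?>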
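To confirm that the changes above took effect, the saved response bodies of the theme files can be checked for PHP error lines that still reveal an absolute path. The following is an added example, not code from the original post; the host name, document root and sample responses are constructed, and it covers both plain-text errors and the `<b>`-wrapped form PHP emits when html_errors is on.

```python
import re
from html import unescape

# A PHP error line once HTML tags are stripped:
#   "<level>: <message> in <absolute path> on line <n>"
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S.*?)\s+on line\s+(?P<line>\d+)"
)
_TAG = re.compile(r"<[^>]+>")


def find_php_path_leaks(body):
    """Return (level, path, line) for every PHP error in a response body
    that reveals an absolute filesystem path."""
    # With html_errors=On PHP wraps the level, path and line in <b> tags,
    # so strip the markup before matching.
    text = unescape(_TAG.sub("", body))
    return [(m["level"], m["path"], int(m["line"]))
            for m in _PHP_ERROR.finditer(text)]


def leaking_responses(responses):
    """Map each label whose body leaks a path to the leaks found in it."""
    found = {name: find_php_path_leaks(body) for name, body in responses.items()}
    return {name: leaks for name, leaks in found.items() if leaks}


# Constructed sample responses (hypothetical document root, not the author's).
THEME = "/wp-content/themes/twentytwelve/index.php"
ROOT = "/srv/www/blog.example"
SAMPLES = {
    # display_errors=On, plain-text error output
    "plain": "Fatal error: Call to undefined function get_header() in "
             + ROOT + THEME + " on line 10",
    # display_errors=On with html_errors=On
    "html": "<br />\n<b>Fatal error</b>:  Call to undefined function "
            "get_header() in <b>" + ROOT + THEME + "</b> on line <b>10</b><br />",
    # after the fix: no error text reaches the client
    "fixed": "<html><body><h1>My blog</h1></body></html>",
}

if __name__ == "__main__":
    for name, leaks in leaking_responses(SAMPLES).items():
        print(name, leaks)
```
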