While scanning my blog with a website security scanner, it reported one vulnerability: when a theme file is requested directly by its path, the get_header() function is not defined ("Call to undefined function get_header()"), and my WordPress installation printed the complete error message, exposing the sensitive directory structure. Although this has no effect on normal access, it gives some people an opening. In the blog's admin area I often see many people scanning the blog for various paths or files, so fixing as many vulnerabilities as possible greatly improves the site's security. The scanner shows my blog security at 100 points with no loopholes; although that is only superficial, I will still find a solution for every issue!
The following is a detailed description of the problem I encountered and its solution, for reference.
Environment: Linux VPS + LNMP
The complete error message is as follows:
Fatal error: Call to undefined function get_header() in /web site root path/izhangheng/wp-content/themes/twentytwelve/ on line 10
Solution:
If the web application has its own error handling/management system, make sure it is turned on; otherwise handle it according to the language and environment. For a PHP application on an Apache server, you can disable the display of error messages by modifying the configuration entries in php.ini, in httpd.conf, or in the PHP script itself:
1. Modify the configuration line in php.ini: display_errors = Off
2. Modify the configuration line in httpd.conf/apache2.conf: php_flag display_errors off
3. Modify the PHP script and add a line of code: ini_set('display_errors', false);
For this problem, merely hiding the error message is not a complete fix; redirecting to the home page after the error also avoids losing the visitor. My environment already turns off the display of error messages by default, so all that is needed is a check in the vulnerable page's source before the WordPress function is called. First go to Appearance in the WordPress admin, edit the template (for example index.php, the home template), and change the code at the top of the file to the following. Note that all symbols must be English (ASCII) punctuation.
The code is as follows:

```php
<?php ini_set('display_errors', 0); ?>
<?php
/**
 * @package WordPress
 * @code www.45it.net
 */
// When WordPress loads this template, get_header() is defined; when the file
// is requested directly by its path it is not, so send the visitor to the home
// page instead of letting PHP raise a fatal error.
if (function_exists('get_header')) {
    get_header();
} else {
    header("Location: http://" . $_SERVER['HTTP_HOST']);
    exit;
}
?>
```
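To confirm that the fix above actually works from the outside, here is an added verification script (not part of the original post or of WordPress): it classifies the response to a direct request for a theme template and extracts any server path that a displayed PHP error would leak. It assumes curl is installed for the live check; the URL in check_url and the sample response bodies are constructed placeholders.

```sh
#!/bin/sh
# Added example: detect whether direct access to a theme file still discloses
# a PHP fatal error with the server path. Sample bodies below are constructed.

# leaked_path BODY: print the absolute path disclosed by a PHP error message of
# the form "... in /path/file.php on line 10" (html_errors output included),
# or nothing when the body contains no such message.
leaked_path() {
  printf '%s\n' "$1" \
    | sed -n 's/.*[Ee]rror.* in \(\/[^ ]*\) on line .*/\1/p' | head -n 1
}

# leaked_docroot BODY: what the leak really reveals, the WordPress root
# (everything before /wp-content/).
leaked_docroot() {
  p=$(leaked_path "$1")
  case "$p" in
    */wp-content/*) printf '%s\n' "${p%%/wp-content/*}" ;;
  esac
}

# classify_response STATUS BODY: LEAK (display_errors still on), REDIRECT (the
# header("Location: ...") fix), BLOCKED (web server denies the file), HIDDEN
# (fatal error occurred but was not displayed; PHP answers 500), else OK.
classify_response() {
  status="$1"; body="$2"
  if [ -n "$(leaked_path "$body")" ]; then echo "LEAK"; return 0; fi
  case "$status" in
    3[0-9][0-9]) echo "REDIRECT" ;;
    403|404)     echo "BLOCKED" ;;
    5[0-9][0-9]) echo "HIDDEN" ;;
    *)           echo "OK" ;;
  esac
}

# check_url URL: live check; no -L so a redirect is reported, not followed.
check_url() {
  tmp=$(mktemp)
  status=$(curl -s -o "$tmp" -w '%{http_code}' "$1")
  body=$(cat "$tmp"); rm -f "$tmp"
  classify_response "$status" "$body"
}

# Constructed sample: the response of an unpatched site with display_errors on.
LEAKY_BODY='<br />
<b>Fatal error</b>:  Call to undefined function get_header() in /var/www/html/wp-content/themes/twentytwelve/index.php on line <b>10</b><br />'

echo "unpatched: $(classify_response 200 "$LEAKY_BODY") -> root $(leaked_docroot "$LEAKY_BODY")"
echo "patched:   $(classify_response 302 "")"
# Live check of your own site (placeholder URL):
# check_url "https://example.invalid/wp-content/themes/twentytwelve/index.php"
```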