Is debug.log always publicly accessible by default

[ad_1]

I thought the best way to debug a WordPress site was to enable logging to debug.log, but through Wordfence I found out that de debug.log file is publicly accessible for anyone. This seems like a big security risk.

Is debug.log always publicly available by default? What is the safest way to debug a WordPress website?

[ad_2]
2 Comments

  1. Yes, it’s a regular file that anyone can access.

    Once you’ve finished debugging, disable debugging and delete the file. Generally it’s not to big of a deal if someone sees it, there isn’t *usually* anything in it that poses a risk to your site.

  2. Some servers absolutely block it. I wouldn’t be shocked if some just blocked all .log access, because why make that public?

    It’s generally done with .htaccess or Nginx rules.

    If you can access it publicly on your server, it’s public.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer