Support » Everything else WordPress » error_log file in root a security risk?

  • Good evening everyone,

    I noticed an “error_log” file in the root of my WordPress website continues to grow by the day. The size of the file is currently at 50MB. When I look at the file using Textpad or Notepad, I see some of the errors in it contain the prefix name of my database tables, which I changed for security reasons using a well known security plugin. I am concerned that this error_log file shows the full name of my prefix database table name.

    My question to the experts on this forum is this. Is there a danger with a hacker accessing the error_log file from my website’s root and then reading the file, thus seeing the name of the database tables? I worry that the file is just sitting on my website’s root. Is there no way to have the error_log file be generated somewhere else in the website folder structure, maybe in a folder I create? I just feel like its vulnerable just sitting on the root.

    Thank you,

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Ipstenu (Mika Epstein)


    Lead Plugin Wrangler

    The error_log is generated by PHP (which WP uses, but really the point there is that it’s not WP itself).

    It’s your PHP setup that’s putting the error log there.

    The error_log file is generated automaticlaly by your server when PHP encounters errors. It does this so you know where and what to fix in the code when there’s problems. The server generates the file in the folder that the errors occur in (most of the time) so you can also see it in other folders around the site as well depedning on how the server runs the various scripts around the site.

    There’s no point worrying about people finding out your DB table names. If they can see that you use WordPress they’ll know what tables you are using anyway so that is not an important point at all.

    If you are worried about the security issues, you’ll need to get the errors that are shown in that file fixed. I’d be 99% sure that most of the erros would be caused by plugins or themes, and not anything from WordPress itself as I haven’t seen to many issues from the core files before. Most times it’s plugin developers that don’t use the proper error checking when they are developing their code.

    Thank you Ipstenu and michael.mariart for your responses. Very much appreciated!!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘error_log file in root a security risk?’ is closed to new replies.