Hide debug.log file in WordPress
Enabling logging is an excellent way to debug WordPress code when something doesn’t behave as it should in our website. There’re two options to show us the log, thou. One is by presenting warnings and errors directly in the pages and the other is saving it to a file situated in wp-content directory, called debug.log.
To enable logging you should add the following code to your wp-config.php file:
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);
The first line enables logging, next line activates debug.log file usage, and finally the third option specifies that these warnings won’t be shown on your site.
The problem is that, by default, this file is publicly accessible through http://mydomain.com/wp-content/debug.log what suppose a security risk.
But there’s a very simple way to avoid this access (if you’re using Apache webserver). You just need to create or edit your .htaccess file and add this code:
# Block debug.log access
<Files "debug.log">
Order Allow,Deny
Deny from all
</Files>
