Publisher: Sigit purnomo kangsigit.com@gmail.com

Hide "Full Path Errors" in php.ini and .htaccess (overcome hackers)

A blog or web service must be kept fully under control and free of mistakes, so that software vulnerabilities are not exposed to hackers.

One such task is fixing full path disclosure errors. For example: "Warning: require(ABSPATHwp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/kangsigit/public_html/wp-settings.php on line 21"

If that happens, the attacker gains an additional opportunity to break the security of your site. By looking at the full path, the attacker can deduce that the username used is kangsigit. In the end, the attacker may get lucky by repeatedly guessing different passwords for that username.

Although a full path disclosure is not the end of the story, why not make the attack as hard as possible?

Here is a great tip I got directly from Matt Cutts' blog on how to patch your site against full path disclosure.
  • In a php.ini file, you can add a line like “display_errors = off” (without the quotes).
  • In an .htaccess file, you can add a line that says “php_flag display_errors off” (without the quotes).
Matt Cutts concluded that php.ini is the better approach, because some web hosts run PHP in CGI mode, which may not allow php_flag or php_value directives in an .htaccess file.
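To confirm that the line you added is the one that takes effect, the following audit script reads the text of a php.ini or .htaccess file and reports the resulting display_errors state. It is an added example, not code from the original post or from Matt Cutts' blog; the function name and the sample file contents are constructed for illustration.

```python
import re

# Values PHP treats as "off" for display_errors (compared case-insensitively).
OFF_VALUES = {"0", "off", "false", "no", "none", ""}

INI_LINE = re.compile(r"^\s*display_errors\s*=\s*(.*)$")
HTACCESS_LINE = re.compile(
    r"^\s*php_(?:flag|value)\s+display_errors\s+(.*)$", re.IGNORECASE)


def display_errors_setting(text, kind):
    """Return True (errors shown), False (hidden) or None (not set here).

    kind is "php.ini" or ".htaccess". When the directive appears more
    than once, the last uncommented occurrence wins.
    """
    pattern = INI_LINE if kind == "php.ini" else HTACCESS_LINE
    comment = ";" if kind == "php.ini" else "#"
    result = None
    for line in text.splitlines():
        if line.lstrip().startswith(comment):
            continue  # commented-out directive has no effect
        match = pattern.match(line)
        if match:
            value = match.group(1)
            if kind == "php.ini":
                value = value.split(";", 1)[0]  # drop trailing comment
            value = value.strip().strip("\"'").lower()
            result = value not in OFF_VALUES
    return result


# Constructed sample files, not taken from a real server.
SAMPLE_INI = """\
[PHP]
display_errors = On
;display_errors = Off
display_errors = Off ; production setting
"""
SAMPLE_HTACCESS_LEAKY = "# dev leftover\nphp_flag display_errors on\n"
SAMPLE_HTACCESS_SAFE = "php_flag display_errors off\n"

if __name__ == "__main__":
    print("php.ini shows errors:", display_errors_setting(SAMPLE_INI, "php.ini"))
    print(".htaccess shows errors:",
          display_errors_setting(SAMPLE_HTACCESS_LEAKY, ".htaccess"))
```

A result of None means the file does not set the directive at all, in which case PHP falls back to its built-in default, which displays errors.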

Thank you for reading my article, good luck.