One is, to correct mistakes of the full path disclosure. For example: "Warning: require(ABSPATHwp-includes/load.php) [function.require]: failed to open stream: No such file or directory in /home/kangsigit/public_html/wp-settings.php on line 21"
If that happens, the attacker will have additional opportunities to break the security of your site. By looking at the full path, the attacker can deduce that the username used is kangsigit. In the end, the attacker will find a fortune by guessing the password of the username varies repeated.
Although the disclosure of the full path is not to be the end of your job, but why not make the attack as hard as possible?
An amazing tips I can directly from MattCutts blog, here's how to patch the vulnerability of your site from a full path disclosure.
- In a php.ini file, you can add a line like “display_errors = off” (without the quotes).
- In an .htaccess file, you can add a line that says “php_flag display_errors off” (without the quotes).
Thank you for reading my article, good luck.