[Defender] Inform user of intentional error.log

Defender intentionally generates some logs into error.log. The doc and/or UI should explain this.

I was getting “client denied by server configuration” for /wp-defender files. To avoid localhost access errors, I added a .htaccess as a test to that folder. Then I got other errors.

Ref this thread where James was confused by the same error log.

https://premium.wpmudev.org/forums/topic/call-to-undefined-function-get_header-in-wp-includestheme-compatembedphp13

I understand that this security software wants to make sure that its changelog and other files can’t be read. So it intentionally tries to access files that should be restricted, and if it Can access those files, it flags a vulnerability.

I think the Defender UI should indicate in the UI when intentional and ignorable errors are being generated. For example, where the dashboard says “Scan your website for file changes, vulnerabilities and injected code, and get notifications about anything suspicious.” Add “During this scan the web server may log to error.log. These are expected and can be ignored – if an error is Not encountered during a test, it means access to a resource is open and Defender will take steps to fix the problem.”

That should help when a scan is performed. But note that the scan for file access is performed just when visiting the Defender dashboard – we will see errors in the log (“client denied by server configuration”) without any actions, and that could be confusing to an admin. For this I recommend a note in the dashboard that the error log may show a few entries from a preliminary scan, and these can be ignored.

  • Ash
    • WordPress Hacker

    Hello Tony G

    I think the logged error mentioned in the other thread is not directly written by Defender. Defender wanted to run a file and WordPress generated that error, which is pretty logical.

    Despite that, I still agree with you that the error is logged as Defender tried to run that file, so we could add a message. Thank you so much for the suggestion, I am marking this as a feature request for now. Let’s see how other members think about this.

    Have a nice day!

    Cheers,

    Ash

    • Tony G
      • Mr. LetsFixTheWorld

      You’re correct. That other error is generated from a WP bug after a function is invoked within the file. I understand that Defender doesn’t intend to execute anything. The fact that it could revealed a security issue, which is Defender’s goal.

      I only found that thread because while looking to further lock down a site I was experimenting with .htaccess, wanted to see if Defender would catch it, and that led to a few of my posts here today.

      Thanks!

  • RavanH
    • The Crimson Coder

    Hi, would it not be possible for Defender to try and access a test file within its own plugin directory or written to wp-content/uploads/ with a name like defender-error-reporting-test.php or something like that? With such a file name appearing in the error logs, it’d be clear immediately (or after a quick web search) that this is about testing rather than some kind of automated hack attempt or external file scanning going on…

    I just spent two hours searching for the cause of these requests for theme-compat/embed.php thinking some bad coding inside a plugin or theme was the cause. If it would have been more obviously related to Defender, I’d not have wasted my time on it.

    I totally get the purpose of this test but wonder if it could not be made more obvious from the error that will forcefully (cannot be prevented, I guess) appear in the log file.

  • RavanH
    • The Crimson Coder

    Another approach might be to do a “normal” request for index.php (for example) but with a specific query string like ?defender-error-reporting-test=1&nonce=xxxxx which could then be caught by Defender itself to intentionally throw an Exception error with a custom error message. This too would make it possible to have it be easily recognizable :slight_smile:

  • Hoang Ngo
    • Code Slayer

    Hi guys,

    Many thanks for your suggestions, they all look very interesting.

    I will work with the UI/UX Manager for adding some explanations in the security tweaks, which will try to trigger an error on purpose, to make sure all the security tweaks get applied properly.

    Best regards,

    Hoang
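
Until the dashboard explains these entries, an admin can separate them from real probing in error.log. The following is an added example, not part of the thread and not Defender's own code: it treats the two errors named above as expected only when the request came from the server itself. It assumes the Apache 2.4 error-log layout and that the self-test requests originate locally; the sample lines, paths and addresses are constructed.

```python
import ipaddress
import re

# Apache 2.4 error-log prefix: [time] [module:level] [pid N] [client IP:port] message
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\] \[(?P<module>[^\]]+)\] \[pid \d+(?::tid \d+)?\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] (?P<msg>.*)$"
)

# Signatures taken from the thread: the denied-access check on /wp-defender
# files and the get_header() error in wp-includes/theme-compat/embed.php.
SELF_TEST_PATTERNS = [
    re.compile(r"client denied by server configuration: \S*/wp-defender/"),
    re.compile(r"undefined function get_header\(\) in \S*/theme-compat/embed\.php"),
]

# Constructed sample lines (docroot, file names and addresses are made up).
SAMPLE_LOG = [
    "[Tue Mar 14 09:15:02.120001 2017] [authz_core:error] [pid 2101] [client 127.0.0.1:40112] AH01630: client denied by server configuration: /var/www/html/wp-content/plugins/wp-defender/changelog.txt",
    "[Tue Mar 14 09:15:02.480220 2017] [:error] [pid 2101] [client 127.0.0.1:40114] PHP Fatal error:  Uncaught Error: Call to undefined function get_header() in /var/www/html/wp-includes/theme-compat/embed.php:13",
    "[Tue Mar 14 11:42:37.901455 2017] [authz_core:error] [pid 2177] [client 203.0.113.45:51820] AH01630: client denied by server configuration: /var/www/html/wp-content/plugins/wp-defender/changelog.txt",
    "[Tue Mar 14 11:42:39.002310 2017] [authz_core:error] [pid 2177] [client 203.0.113.45:51822] AH01630: client denied by server configuration: /var/www/html/wp-config.php.bak",
]

def triage(lines, own_addresses=()):
    """Split log lines into (expected self-test noise, entries to review)."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    expected, review = [], []
    for line in lines:
        m = LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            ip = None
        if ip is None:  # unparsable line: never silently ignore it
            review.append(line)
            continue
        local = ip.is_loopback or ip in own
        matches = any(p.search(m["msg"]) for p in SELF_TEST_PATTERNS)
        # The same message from a remote client is someone else requesting
        # the file, so it stays in the review pile.
        (expected if local and matches else review).append(line)
    return expected, review

if __name__ == "__main__":
    noise, todo = triage(SAMPLE_LOG)
    print(f"{len(noise)} expected, {len(todo)} to review")
```

Pass the site's public address in `own_addresses` if the server reaches itself through it rather than through loopback.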
