Defender on ledorf.de - Suspicious Files in WP-Core?

Hello,

after running a scan 2 files are being reported as being "issues":

error_log + phpinfo.php

I have set the phpinfo.php as ignored, but I hope it will be shown in some kind of "pass issues list", where all ignored issues are listed. Is that possible?

For the "error_log" it seems that's no dangerious file too. But I wonder where it has been created and by which plugin. Could you please explain what has created the error_log and why?

Thank you and kind regards,
Sascha

  • Predrag Dubajic

    Hey Sascha,

    Hope you're doing well today :slight_smile:

    Error/debug log files and phpinfo.php are not dangerous files on it's own, the issue with them is that they reveal information about your server, and any errors you have on your site which makes it easier for anyone trying to hack your site to find out what loopholes they can use.

    It's suggested to remove those files from your server so you don't share such data.

    I have set the phpinfo.php as ignored, but I hope it will be shown in some kind of "pass issues list", where all ignored issues are listed. Is that possible?

    Ignored files will show in list under Defender > Scan panel, if you go and manually remove them from your server they will be removed from that list as well.

    For the "error_log" it seems that's no dangerious file too. But I wonder where it has been created and by which plugin. Could you please explain what has created the error_log and why?

    I'm not sure what might have created this for you but first thing to check is wp-config.php and see if you have any debug enabled in there, WP debug file should be called debug.log but it's worth checking.

    It's also possible that some plugin or your theme created it, I would suggest checking the options of your active plugins and if a plugin creates this it usually has Enable Debug or similar option which you can disable.

    Best regards,
    Predrag

  • sushling

    Hello Predag,

    thank you for your help and explanation.

    On "ledorf.de" I have removed the error_log and it never been recreated again.

    Other situation on hilfe.macbay.de -> Defender is warning about the existence of
    /wp-admin/error_log

    and I don't want to put the site on risk and remove the file. But I have done that before already and the error-log got recreated again. Obviously by some plugin. Debug-function in wp-config is set to false, so it must be any plugin to put the file in there.

    Do you know which of my plugins could do this? Is there any easy way to find out, which plugin could do or could have done this?

    Thank you and kind regards,
    Sascha

  • Predrag Dubajic

    Hi Sascha,

    It could be bit difficult determining which plugin is creating this log file and it can also be created by your server, if you save the file as .txt file and attach it here I could check the errors and perhaps those will tell us more about what's creating it.

    You can also check below page to see if any of those other error reports are enabled on your site:
    https://codex.wordpress.org/Editing_wp-config.php#Configure_Error_Logging

    Best regards,
    Predrag

  • Adam Czajczyk

    Hello sushling!

    The "error.log" file is an Apache (web-server) log (error log, as the name says) file. It's automatically created when a web-server encounters an error. You can safely remove it from wherever you see it. It can often be helpful though in case of troubleshooting the site as the errors logged may be directly or indirectly related to the WordPress scripts etc.

    If you remove the file and it doesn't get re-created, that means that whatever error created it, it's no longer there. If it gets re-created however, it's worth taking a look inside - like my colleague Predrag suggested - to see whether the error(s) should be taken care of or if they could be safely ignored.

    That said, I checked the file that you attached here and it seems that the last errors there are related to BuddyPress and are from Oct 14th. Since then, there's no new errors so it would mean that's all good. I suggest that you just remove that error.log file and then keep an eye on your server. If it comes back let me know please as soon as possible (attaching it to your post) and that would help "catch up" on possible issues.

    Best regards,
    Adam

  • sushling

    Hello,

    please apologize that I have re-opened this thread again.

    I still feel disturbed by Defender warning about the ongoing re-creation of error_log files. They appear in several directories such as
    /wp-admin/error_log
    /wp-admin/includes/error_log and
    /wp-includes/error_log

    Since Adam said, that they are being created by apache, I wonder if you can help me by teaching about how to setup the cPanel or even WHM in order to store any error_log in one specific directory, e.g. the same level of the "domain root" so that I cannot be access via http.

    Have a wonderful day :slight_smile:

    Thank you and kind regards,
    Sascha

  • Adam Czajczyk

    Hello Sascha!

    Unless you have a full access to Apache web-server configuration you will probably not be able to change that configuration as it's set on a "server level".

    Error logs configuration is described in this Apache docs article:
    http://httpd.apache.org/docs/2.2/logs.html

    That's however a work for a system admin and I think you might want to get in touch with your host and ask them if it's possible to set it up for you the way that only a single "general" error.log file would be created.

    If that's not possible you may try to prevent access to the "error.log" files using .htaccess by adding following lines there

    <files error.log>
    order allow,deny
    deny from all
    </files>

    I hope that helps!
    Best regards,
    Adam

  • Predrag Dubajic

    Hi Sascha,

    You should add that to .htaccess file that's in the root of your WordPress installation, most likely that should be the /home/me/public_html/.htaccess one.

    Basically the WordPress installation that's running your site in question is the right place, you will recognize WP root folder as it will contain these three folders: wp-content, wp-admin and wp-includes.

    Best regards,
    Predrag

  • sushling

    Thank you!

    I forgot to point out, that other websites are installed within

    /home/me/public_html/

    so when I manipulate

    /home/me/public_html/.htaccess

    this would effect other sites too.

    The site in question is located within

    /home/me/public_html/wordpress with
    /home/me/public_html/wordpress/wp-admin etc.

    Following your argumentation I would rather add the directives to
    /home/me/public_html/wordpress/.htaccess

    correct?

    Kind regards,
    Sascha

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.