Why does

Why does the php_errorlog get listed as a suspicious file:

http://d.pr/i/dBrR

Shouldn't that always be an exempt file from 'suspicion'?

  • TGL

    I realize I can ignore it, but from a best practices perspective, should Defender allow users to submit files for consideration to ignore (or develop some kind of global exceptions on a per user basis), or should the host (in this case SiteGround) be creating error logs elsewhere (wp-content/php_logs etc.)?

    Weighing out the time absorbed by every single one of your customers that are using SiteGround (and I'm sure others) that will have to ignore that file (and possibly others) for each installation of WordPress vs. the time it would take to allow global exceptions . . .

  • Rupok

    Hi TGL,

    should Defender allow users to submit files for consideration to ignore (or develop some kind of global exceptions on a per user basis), or should the host (in this case SiteGround) be creating error logs elsewhere (wp-content/php_logs etc.)?

    The best practice will be not saving any custom file in the root directory of your website to make your site secure. You can save the error log inside your "wp-content" folder. To know how you can set path for error log, you can check this StackOverflow answer: http://wordpress.stackexchange.com/a/84171

    And I also think, if Defender had any option to list files to be ignored, that would be awesome. So I'm moving this thread to our Features and Feedback section. More people liking this idea, more chances our developers will work on this and will include this feature in our future releases.

    Have a nice day. Cheers!
    Rupok

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.