WP Checkup: How to fix "Full Path Disclosure" error

WP Checkup gives a security error about "Full Path Disclosure" and it says you can fix it by installing Defender. I installed it, but I am still getting the same error. How can I fix it?

  • James Morris

    Hello Paul,

    I hope you are well today. I'll be following up with you regarding your chat.

    Defender protects against FPD by setting display_errors to off through PHP. However, not all hosting configurations allow for PHP to override this setting. In those cases, you will need to upload either a php.ini or a .user.ini file with the following line in it to disable printing of errors to screen:

    display_errors = Off

    Once done, you should see this message in Checkup go away.

    I hope this clarifies a bit. Let us know if you have any further questions. We'll be happy to help! :slight_smile:

    Best regards,

    James Morris

  • James Morris

    Hello Paul,

    Yes, it is possible that your host's PHP configuration does not honor user-defined php.ini files or all variables that can be set in those files.

    Here's how you can test easily:

    - Rename the file to .user.ini and test to see if the error persists.
    - Create a file named info.php with the following code in it:

        <?php
        phpinfo();

      -- Check the value of memory_limit
      -- Add the following line to your php.ini or .user.ini file:

           memory_limit = 512M

         Set to a higher value if your memory limit is already >= 512M
      -- Re-check the value of memory_limit

    If the value of memory_limit increases, then setting display_errors should work as well.

    If it does not, you will need to contact your hosting provider to see if they can globally set this for your account.

    Unfortunately, since this has been disabled in their config for PHP script override, there's not much we can do on our end to overcome this. This is something in the hosting configuration that will need to be changed.

    I hope this clarifies a bit. Let us know if you have any further questions. We'll be happy to help! :slight_smile:

    Best regards,

    James Morris

  • James Morris

    Hello Paul,

    Since Defender protects against FPD by setting display_errors to off through PHP code, if the server software setup (Apache/PHP config) does not honor this setting, I'm afraid there's not much else that can be done. This is an issue that has to be solved at the server software (Apache/PHP config) level. You'll need to work with your hosting provider to change the server software to remove this.

    Best regards,

    James Morris
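A diagnostic that checks display_errors directly, rather than inferring it from memory_limit as in the test above, and that also tries the runtime override the replies attribute to Defender. It is an added example, not code from the thread or from Defender; the file name ini-check.php is hypothetical. Like info.php, it prints server paths and should be deleted after use.

```php
<?php
// Added diagnostic, not code from the thread. Save under a hypothetical name
// such as ini-check.php, load it once, then delete it (it prints server paths).
header('Content-Type: text/plain');

// PHP treats on/yes/true/stdout/stderr and any non-zero number as "on".
function flag_is_on(string $name): bool {
    $v = strtolower(trim((string) ini_get($name)));
    return in_array($v, ['on', 'yes', 'true', 'stdout', 'stderr'], true)
        || (int) $v !== 0;
}

function show(string $label, string $value): void {
    printf("%-28s %s\n", $label, $value);
}

// 1. Which configuration sources apply to this request?
$sapi = php_sapi_name();
show('SAPI:', $sapi);
show('Loaded php.ini:', php_ini_loaded_file() ?: '(none)');
// Per the PHP manual, .user.ini is read only by the CGI/FastCGI SAPIs
// (SAPI names such as cgi-fcgi and fpm-fcgi).
$fcgi = strpos($sapi, 'cgi') !== false;
show('.user.ini read by SAPI:', $fcgi ? 'yes' : 'no (not CGI/FastCGI)');
show('user_ini.filename:', ini_get('user_ini.filename') ?: '(empty: disabled)');
// Edits to .user.ini are only picked up after this many seconds.
show('user_ini.cache_ttl:', ini_get('user_ini.cache_ttl') . ' s');

// 2. What is in effect before any override?
show('display_errors (effective):', flag_is_on('display_errors') ? 'ON' : 'off');

// 3. Can PHP code switch it off at runtime?
if (!function_exists('ini_set')) {
    show('ini_set override:', 'ini_set() is disabled on this host');
} elseif (ini_set('display_errors', '0') === false) {
    // ini_set() returns false when the server config has locked the value.
    show('ini_set override:', 'refused (locked by server config)');
} else {
    show('ini_set override:', flag_is_on('display_errors') ? 'ignored' : 'honoured');
}
```

If the effective value is ON and the override is refused, neither a plugin nor an uploaded ini file can change it, which is the case the replies say has to go to the hosting provider.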