Coding on a Live Site

by damonp on June 29, 2007

in PHP,Security

I have written several times about debugging a live site and posted snippets for working on the themes of a live WordPress install. One trick I haven’t mentioned is using the PHP error log.

PHP on any production site should be configured to not display errors. I see all too often on random sites that PHP has been configured to show errors (sometimes even in Google results). This gives away too much information about your application and server.

On the servers and applications I work on all of the time, I configure PHP to log errors to /var/log/php_errors. Simply tailing this file through a console will quickly show any errors caused by the edits.

To enable logging, check these two variables in your php.ini:

; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
log_errors = On
; Log errors to specified file.
;error_log = filename
error_log = /var/log/php_errors

To tail the log file from an SSH console:

tail -f /var/log/php_errors

Popularity: 1%

Most Popular Posts

Damon Parker is a freelance sysadmin and web developer in Texas. He specializes in server setup, server security and high performance server configurations. Need help setting up a web server or getting a server back online after a crash or hack? Email Damon

Leave a Comment

Previous post:

Next post: