Using debug log in production, is that a security concern?
I would consider it a security concern if everyone is able to view the debug.log file from the browser. It could reveal e.g. paths, plugins and their problems. There are though ways to restrict access to it via Nginx or Apache. Another problem I’ve seen with logging to debug.log on production sites is that it’s … Read more