Using debug log in production, is that a security concern?

I would consider it a security concern if everyone is able to view the debug.log file from the browser.

It could reveal e.g. paths, plugins and their problems.

There are though ways to restrict access to it via Nginx or Apache.

Another problem I’ve seen with logging to debug.log on production sites is that it’s not auto log-rotated, so it can grow fast for busy problematic sites. It’s easy to forget about it there, until the disk is full or the huge size starts to slow things down.

ps: I just remembered I wrote something about access restrictions here.

Related Posts:

  1. Define WP_DEBUG conditionally / for admins only / log errors (append query arg for all links?)
  2. Control verbosity level of WP DEBUG?
  3. How to check if debug is true and can I use it for my own code? [duplicate]
  4. Suppress deprecated notices
  5. Debug.log file is never created?
  6. How to debug when error_log not working as expected
  7. Where should I tell WordPress where error_log messages should be written?
  8. Disable Debug Log Programmatically
  9. PHP-FPM WordPress Debug
  10. Wordress debug log is not working
  11. Why does WordPress keep showing me error messages?
  12. Why does WP_DEBUG only work after wp_debug_mode() is called? [closed]
  13. what are WP_DEBUG conditions?
  14. There is no any line related the error but it says critical error
  15. error log is going to the wrong location, WP_DEBUG_LOG is ignored
  16. Debugging conundrum with a problem fixed by enabling WP_DEBUG
  17. WP Debug set to true but still wsod
  18. TGM plugin error in Theme Check Plugin
  19. Is it possible to change the log file location for WP_DEBUG_LOG?
  20. How do I find the version of WordPress I have from the source code?
  21. Debugging in WordPress
  22. What is the best way to monitor PHP functions/executions?
  23. Easy code troubleshooting in wordpress
  24. Tutorials for Unit-Testing in WordPress and for unit-test.svn.wordpress.org?
  25. How to debug vars inside function at functions.php file?
  26. How to make debug.log timestamps local time?
  27. How can I determine what php files are being called by a given WP page?
  28. How to set up plugin project with XDebug remote debugging in PhpStorm
  29. How do I set up Debugging?
  30. How to debug WordPress correctly?
  31. Inserting Post Using wp_insert_post. How to Fill Yoast Plugin SEO Fields
  32. How to empty debug.log when file size is above xyMB?
  33. Intercepting wp_mail() to view contents
  34. Where’s The Best Place to use Register_Shutdown_Function()?
  35. Is it possible to set another language for debugging messages?
  36. Send specific users an email when posts are published
  37. How to dump/log default values that are passed to hooks/filter functions?
  38. xdebug connects but won’t break in WordPress with vvv
  39. The plugin generated xx characters of unexpected output. How to solve?
  40. debugging wordpress
  41. How to show the error causing the ‘There has been a critical error on your website’?
  42. Same log message keeps on printing to debug.log file thousand of times
  43. Enable WordPress Debug only for Admin
  44. wp-includes/comment-template.php:26 – Trying to get property of non-object
  45. How do you change error reporting to only show errors in WordPress?
  46. XAMPP-VM Mac OS Mojave wordpress debugging using XDebug
  47. Debugging preview not working problem
  48. Always keep a parameter in URL?
  49. How can I understand what is the cause of WP death (white screen)?
  50. “Undefined index” error when saving empty array with checkboxes
  51. White screen on front page only
  52. Debug Notice: X is deprecated since version 4.5! Use Y instead
  53. “… logged-in …” seems top of my website
  54. WordPress debug messages not displaying
  55. PHP Notice – Custom Function
  56. Suddenly lots of bugs in my WP installation? [closed]
  57. Notice: Undefined index [closed]
  58. Getting a WordPress Debug Strategy
  59. Notice: attribute_escape is deprecated
  60. How to disable JS? info windows from WP-FirePHP
  61. Best location for a debugging script
  62. Debug Errors, site health
  63. problem with size of debug.log file
  64. What is debug.log.old? It seems to take up a lot of space
  65. How can I remove text above the header? [closed]
  66. Cannot Modify Header Information – While trying logging in
  67. Running xDebug and NPM at the same time?
  68. 3,840 cronjobs with no action!
  69. WordPress 6.x / PHP 8.x deprecated warnings in development environment
  70. Solution to White Screen of Death that does not require Web Server access?
  71. strange characters in debug file
  72. Notice on core function
  73. Step debug wp cron run – ideas how to get this working in PHPStorm with Xdebug?
  74. Display Custom Taxonomy Dropdown posts
  75. Correct my shortcode for displaying a category?
  76. How to display only specific Error types in debug.log? No notices, warnings, etc
  77. How do I specify where to save the debug.log?
  78. Error on add_submenu_page() declaration
  79. Debug info from request handler
  80. Notice: Undefined index: post_title error
  81. WordPress seems broken when logged of
  82. Finding which functions were called
  83. Error on debug.log PHP Stric Standards and PHP notice
  84. Cannot read property ‘hasClass’ of undefined(…) jquery-ui
  85. Unable to load Posts list & Getting error 500 error
  86. Unnessary character on post after restore
  87. Which language files are loaded?
  88. how to error_log(wp_login_url())
  89. How do I issue a warning in a wordpress plugin?
  90. How can I turn off WP_DEBUG_LOG messages coming from a specific plugin or theme?
  91. Theme parts path location dump
  92. Some ways to debug code
  93. How to solve the fopen error?
  94. Why debug.log doesn’t work?
  95. How to check whether functions is deprecated or not?
  96. Why does my site generate .bt files?
  97. Any wordpress development tool to query its functions?
  98. WordPress not available to file using wp-env for xdebug requests
  99. when I Try to Create new Post or Page it goes Draft(I can’t post Anything)
  100. Automated WordPress update failed to complete – but all updates fail with code -1