Using debug log in production, is that a security concern?

I would consider it a security concern if everyone is able to view the debug.log file from the browser.

It could reveal e.g. paths, plugins and their problems.

There are though ways to restrict access to it via Nginx or Apache.

Another problem I’ve seen with logging to debug.log on production sites is that it’s not auto log-rotated, so it can grow fast for busy problematic sites. It’s easy to forget about it there, until the disk is full or the huge size starts to slow things down.

ps: I just remembered I wrote something about access restrictions here.

Related Posts:

  1. Define WP_DEBUG conditionally / for admins only / log errors (append query arg for all links?)
  2. Control verbosity level of WP DEBUG?
  3. How to check if debug is true and can I use it for my own code? [duplicate]
  4. Suppress deprecated notices
  5. Debug.log file is never created?
  6. How to debug when error_log not working as expected
  7. Where should I tell WordPress where error_log messages should be written?
  8. Disable Debug Log Programmatically
  9. PHP-FPM WordPress Debug
  10. Wordress debug log is not working
  11. Why does WordPress keep showing me error messages?
  12. Why does WP_DEBUG only work after wp_debug_mode() is called? [closed]
  13. what are WP_DEBUG conditions?
  14. There is no any line related the error but it says critical error
  15. error log is going to the wrong location, WP_DEBUG_LOG is ignored
  16. Debugging conundrum with a problem fixed by enabling WP_DEBUG
  17. WP Debug set to true but still wsod
  18. TGM plugin error in Theme Check Plugin
  19. How do I find the version of WordPress I have from the source code?
  20. Debugging in WordPress
  21. Debugging WordPress themes with Xdebug, real time html output
  22. Easy code troubleshooting in wordpress
  23. Tutorials for Unit-Testing in WordPress and for unit-test.svn.wordpress.org?
  24. Nginx – Prevent Access to Debug file [closed]
  25. How to debug vars inside function at functions.php file?
  26. How can I determine what php files are being called by a given WP page?
  27. How do I set up Debugging?
  28. error_log is not working as expected in functions.php file
  29. Inserting Post Using wp_insert_post. How to Fill Yoast Plugin SEO Fields
  30. How to empty debug.log when file size is above xyMB?
  31. Intercepting wp_mail() to view contents
  32. Where’s The Best Place to use Register_Shutdown_Function()?
  33. Is it possible to set another language for debugging messages?
  34. add_sub_menu page() to be replaced by add_theme_page()
  35. Send specific users an email when posts are published
  36. Super WordPress debugging toolkit and triage procedures? [duplicate]
  37. if(!is_user_logged_in()) returns true when 404
  38. How to dump/log default values that are passed to hooks/filter functions?
  39. xdebug connects but won’t break in WordPress with vvv
  40. The plugin generated xx characters of unexpected output. How to solve?
  41. debugging wordpress
  42. How to show the error causing the ‘There has been a critical error on your website’?
  43. wp-includes/comment-template.php:26 – Trying to get property of non-object
  44. How do you change error reporting to only show errors in WordPress?
  45. XAMPP-VM Mac OS Mojave wordpress debugging using XDebug
  46. Always keep a parameter in URL?
  47. How can I understand what is the cause of WP death (white screen)?
  48. “Undefined index” error when saving empty array with checkboxes
  49. White screen on front page only
  50. “… logged-in …” seems top of my website
  51. WordPress debug messages not displaying
  52. Suddenly lots of bugs in my WP installation? [closed]
  53. Notice: Undefined index [closed]
  54. Getting a WordPress Debug Strategy
  55. How to disable JS? info windows from WP-FirePHP
  56. How do I acquire all the meta-information for a particular page I am on?
  57. How to find line of code causing wordpress deprecation notices
  58. Debug Errors, site health
  59. problem with size of debug.log file
  60. What is debug.log.old? It seems to take up a lot of space
  61. WordPress Cron job, 302 response
  62. Comment WP_DEBUG in wp-config file
  63. How can I remove text above the header? [closed]
  64. Best place to call xdebug helper functions?
  65. Cannot Modify Header Information – While trying logging in
  66. Running xDebug and NPM at the same time?
  67. 3,840 cronjobs with no action!
  68. WordPress 6.x / PHP 8.x deprecated warnings in development environment
  69. strange characters in debug file
  70. Notice on core function
  71. Display Custom Taxonomy Dropdown posts
  72. How to display only specific Error types in debug.log? No notices, warnings, etc
  73. A bug happens in the Footer and the code keeps appearing
  74. How do I specify where to save the debug.log?
  75. debug.log is not created
  76. Error on add_submenu_page() declaration
  77. Debug info from request handler
  78. Notice: Undefined index: post_title error
  79. Debugging Mysterious PHP Addition
  80. Finding which functions were called
  81. Cannot read property ‘hasClass’ of undefined(…) jquery-ui
  82. Unable to load Posts list & Getting error 500 error
  83. Which language files are loaded?
  84. how to error_log(wp_login_url())
  85. How do I issue a warning in a wordpress plugin?
  86. Method ‘post_title’ not found in class.
  87. How can I turn off WP_DEBUG_LOG messages coming from a specific plugin or theme?
  88. Theme parts path location dump
  89. Changes to WordPress database using phpMyAdmin not reflected on blog
  90. How do you get the docroot directory?
  91. Some ways to debug code
  92. How to solve the fopen error?
  93. Why debug.log doesn’t work?
  94. Why does my site generate .bt files?
  95. Any wordpress development tool to query its functions?
  96. WordPress not available to file using wp-env for xdebug requests
  97. when I Try to Create new Post or Page it goes Draft(I can’t post Anything)
  98. Automated WordPress update failed to complete – but all updates fail with code -1
  99. Error Function is_tax was called incorrectly
  100. Critical Error on Pages – WP_DEBUG Not Showing Anything