WordPress: Adding Security

Yes, basically debug.log, but without deny, with 404

Yes, that directive will serve a “404 Not Found” when attempting to request debug.log.

|log?

However, because of the ? in the above regex, it will also block debug.lo. Is that intentional? In fact, if that is intentional then you could simply remove the g? part – since it serves no purpose. But if not, then remove the trailing ? to match debug.log only.

However, it also potentially blocks any URL that simply contains debug.log in the URL-path (since there are no anchors ^ or $ or word boundaries on the regex). For example, the following innocent URL(s) will also be blocked if the directive appears before the WordPress front-controller:

/what-is-the-meaning-of-debug.log-on-my-filesystem
/are-changelog.md-files-really-necessary

(Should you have articles with such a title/slug.)

For this reason, this directive should probably be located at the end of the .htaccess file, after the WordPress front-controller, so that you only block access to physical files. This will also be marginally more efficient.

[R=404,NC,L] – minor point… the L flag is not strictly required here. L is implied when specifying a non-3xx return code.

To simply block (with a 404) requests for debug.log (all lowercase) in the document root only then the following would be sufficient:

RewriteRule ^debug\.log$ - [R=404]

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. How do I test to ensure that my wp-config file is protected?
  12. WordPress not seeing .htaccess rules
  13. Rules in .htaccess only if the requested URL is /wp-admin
  14. Disable directory browsing of uploads folder
  15. Strange behaviour of is_user_logged_in() and get_current_user_id()
  16. Selectively Disabling PHP via .htaccess in Root Directory
  17. Should I prevent access to .htaccess and wp-config.php files?
  18. Blocking wp-login in HTACCESS has also blocked password protected pages
  19. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  20. Using htaccess to prevent spam through wp-comments-post.php
  21. How can I create a private site that is inaccessible from the outside?
  22. Restrict Content for only Contributors via .htaccess
  23. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  24. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  25. Htaccess for Wordpess set on single subdomain
  26. WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
  27. Admin-Ajax.php, SSL, Non-SSL
  28. How to Block Access to Standard Login Flow and Comment Flow
  29. WordPress site displaying 404 for any page apart from index
  30. How to avoid wordpress permalink rules to inherit in a sub-folder
  31. Cant block wordpress readme files
  32. 404/500 error on /wp-json
  33. WordPress keeps deleting .htaccess file
  34. Prevent users from browsing through the media galleries
  35. How to modify the .htaccess to force ssl on login and admin pages
  36. WordPress mod_rewrite is canceling/overwriting my other mod_rewrite rule
  37. .htaccess redirects no longer work
  38. Exclude subfolder from WP-redirect works with html but not php files
  39. Server crashed trying to restore wordpress multisite, images are not found pls help
  40. Create subdomain masking for each user in WordPress
  41. Redirect from different port to subdomain – htaccess
  42. WordPress Redirect 301 register page
  43. Only expose routes with prefix /wp-json on WordPress using Apache
  44. Hardening wordpress: blocking /includes with htaccess
  45. Install a Network under a mapped domain
  46. htaccess – RewriteRule without redirect not working
  47. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  48. How can I fetch the content of a post of my wordpress domain from an other domain?
  49. Redirect Specific Wildcard Subdomain to a specific URL on another domain
  50. WP install in sub-dir white screen
  51. Htaccess Rewrite reverts to default .htaccess file
  52. create a static folder independent with WordPress
  53. WordPress site not working after move
  54. Site in subfolder – all pages work except home
  55. Giving to wordpress it’s own directory cause login loop
  56. htaccess, site and staging in subdirectories
  57. WordPress sites in subfolders
  58. Admin Panel Slowdown After SSL Verification
  59. WordPress category with 404 error
  60. where to add redirection rewriterule in .htaccess file?
  61. Trouble adding directory rewrite to htaccess under wordpress [closed]
  62. How do I apply friendly URL permalinks to a custom WordPress template?
  63. create virtual subdomains for a bunch of urls on a site via .htaccess
  64. htaccess getting overwritten over and over = 404 error
  65. htaccess problem not being able to overwrite previous rules
  66. wordpress blog displaying blank pages [closed]
  67. Relative links stop working after moving wordpress site from hosting to localhost
  68. WordPress site blacklisted by Google about .htaccess [closed]
  69. How to fix .htaccess corrupted
  70. Accepting special characters in querystring
  71. WordPress constantly running out of memory
  72. WP Codex answer incomplete? Put WP in subdirectory. .htaccess change required
  73. .htaccess found in every folder
  74. All navigation links on website redirect to same page
  75. WordPress is removing trailing slash
  76. How do I properly redirect requests to WordPress subdirectory?
  77. Htaccess file reset automatically how to fix this issue
  78. Clone WordPress for testing on localhost (with Fiddler)
  79. Force a 403 response to xml file in WordPress
  80. Redirect files in uploads directory if WordPress user not logged in
  81. Redirect wordpress site to www from non www on wordpress server
  82. Update htaccess in several WP sites at once
  83. Pretty Url not working on the server
  84. How to use slug with subdomain?
  85. Reversing domain ‘sharding’ with htaccess
  86. WordPress Intercepting Requests To A File In Public HTML
  87. Htaccess remove dates from root site but not from subdomain
  88. .htaccess home configuration
  89. Installing wordpress on subdirectory 2 levels down
  90. Cannot Override WordPress 404 for a Sub-Directory
  91. adding a rewrite rule in wordpress functions file
  92. Multisite permalinks for subfolder wordpress installation
  93. Missing visual editor after placing a redirect rule into the .htaccess file
  94. Redirect not working
  95. Permanently Redirect WordPress Subfolder Blog to Subdomain on Another Server
  96. WordPress site not redirecting properly
  97. .htaccess for Subdomain and Subfolder w/SSL
  98. Why my wp site always redirecting to the old website path..?
  99. Hiding wp-config.php via .htaccess on an install installed in another directory?
  100. .htaccess seems to be required but I can not find it