How to Resolve Full Path Disclosure Issue in WordPress
- March 4, 2016
- Leave a comment
Full path disclosure is a security measure in which a generation of fatal error can output the real path of your server (web root) and other information as well. This real path then allow attackers to harm your site. Nowadays, it is very important to secure your website with these types of issues.
If your website is using WordPress CMS, then load the following URL in to your browser to check the Full Path Disclosure.
After loading the URL, it will generate a fatal error as mentioned below:
Call to undefined function _deprecated_file() in /home/your-web-domain/public_html/wp-includes/rss-functions.php on line 8.
It means your information related to file paths will be seen to anyone if any time fatal error occurs. The attacker will take the advantage of this security lap.
To overcome this measure, just use the following rule into your .htaccess file:
# For full path disclosure
php_flag display_errors off
This line of code will hide the warnings and errors that can cause an attack to your site.
2 thoughts on “How to Resolve Full Path Disclosure Issue in WordPress”
This Solution does not work.
500: Internal Error – Hosting
Something may be wrong on your server side. After applying that solution you will get a blank page (which will not leak your path).
Thanks & Regards,
Abdullah | WP Plugin Developer