WordPress has a built-in debugging system that can log PHP errors, warnings, and notices. This is invaluable for development and troubleshooting, but must be configured carefully to avoid exposing errors to visitors.
Add to your wp-config.php
Place these constants before the line /* That's all, stop editing! */:
// Enable WP_DEBUG mode
define('WP_DEBUG', true);
// Log errors to /wp-content/debug.log
define('WP_DEBUG_LOG', true);
// Do NOT display errors on the frontend
define('WP_DEBUG_DISPLAY', false);
// Ensure PHP also doesn't display errors
@ini_set('display_errors', 0);
// Log all PHP errors
@ini_set('log_errors', 1);
// Optional: Set custom log file location
// define('WP_DEBUG_LOG', '/path/to/custom/debug.log');Protect the debug.log file
Add this to your .htaccess file in the wp-content directory:
# Prevent public access to debug.log
<Files debug.log>
Require all denied
</Files>For Nginx:
location ~* /debug\.log$ {
deny all;
access_log off;
log_not_found off;
}Read the log file
# View the last 50 lines of the debug log
tail -n 50 wp-content/debug.log
# Follow the log in real-time
tail -f wp-content/debug.log
# Search for specific errors
grep "Fatal error" wp-content/debug.logWhat this does
- WP_DEBUG – Enables WordPress debug mode
- WP_DEBUG_LOG – Writes errors to
wp-content/debug.log - WP_DEBUG_DISPLAY – Prevents errors from being shown to visitors
Important: Always disable WP_DEBUG on production sites when not actively debugging. InspectWP checks for publicly accessible debug.log files in its security analysis.