Query about error_reporting in WordPress

  • Unknown's avatar

    Hello,

    While tracking various WordPress and custom PHP hack scripts, I found a common string “error_reporting(0);” (which disables error reporting) in almost all the malware and hack patterns.

    But when we grep for this string in a newly downloaded WordPress package, I find that this string is present by default in the following files:
    ****************
    Wordpress-4.3.1/wp-admin/load-scripts.php:8:error_reporting(0);
    Wordpress-4.3.1/wp-admin/setup-config.php:29:error_reporting(0);
    Wordpress-4.3.1/wp-admin/load-styles.php:8:error_reporting(0);
    Wordpress-4.3.1/wp-includes/class-http.php:1007: $error_reporting = error_reporting(0);
    Wordpress-4.3.1/wp-includes/js/tinymce/wp-tinymce.php:7:error_reporting(0);
    *****************

    Can this be the possible reason why the user does not come to know when the WordPress site gets compromised by any malware during the initial stage, until it affects the site functionality?
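An added example, not part of the original post or of WordPress itself: a small triage script that scans a WordPress tree for the call and separates hits in the five paths the post lists for a fresh 4.3.1 download from hits anywhere else. The names `CORE_HITS_4_3_1`, `triage` and `demo`, and the sample tree, are constructed for illustration.

```python
import os
import re
import tempfile

# Paths (relative to the WordPress root) that the post above lists as
# containing the call in a fresh WordPress 4.3.1 download.
CORE_HITS_4_3_1 = {
    "wp-admin/load-scripts.php",
    "wp-admin/setup-config.php",
    "wp-admin/load-styles.php",
    "wp-includes/class-http.php",
    "wp-includes/js/tinymce/wp-tinymce.php",
}

# PHP function names are case-insensitive; also tolerate extra whitespace.
PATTERN = re.compile(rb"error_reporting\s*\(\s*0\s*\)", re.IGNORECASE)


def triage(wp_root):
    """Return (expected, review): sorted relative paths of .php files with the call."""
    expected, review = [], []
    for dirpath, _dirs, files in os.walk(wp_root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                if not PATTERN.search(fh.read()):
                    continue
            rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
            (expected if rel in CORE_HITS_4_3_1 else review).append(rel)
    return sorted(expected), sorted(review)


def demo():
    """Build a constructed sample tree in a temp directory and triage it."""
    samples = {
        "wp-admin/load-scripts.php": "<?php\nerror_reporting(0);\n",
        "wp-content/uploads/cache.php": "<?php error_reporting( 0 ); // constructed\n",
        "wp-includes/version.php": "<?php $wp_version = '4.3.1';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return triage(root)
```

A hit in an expected path only means the string is normal at that location; whether the file itself is unmodified still needs a comparison against the release's original files.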

  • Unknown's avatar

    I have flagged this for the staff as it is a security question. However, this forum is for the support of WordPress.COM hosted sites, not the WordPress.ORG software.

    You should address your questions to WordPress.ORG, the keepers of the software you are using: http://wordpress.org/support/

    For more on the difference: http://support.wordpress.com/com-vs-org/

  • Unknown's avatar

    @kundebhanu:

    I’ve removed your post for the sake of security, and passed along your initial report to the core development team. Please reach out to them with further details.

    Please also follow this guide. Best practices are to:

    responsibly and privately disclose to the vendor (the WordPress core development team, in this case) a security problem before publicizing, so a fix can be prepared, and damage from the vulnerability minimized.

    You can report any potential security issues for the self-hosted WordPress software to:
    security [at] wordpress.org

    Please include as many details and examples as possible.

    Thanks!

    Email updated.

  • Unknown's avatar

    Sorry, the email is:

    security [at] wordpress.org

  • The topic ‘Query about error_reporting in WordPress’ is closed to new replies.