Save 15% on our Pro WordPress plugins with discount code: LAUNCH2021
Web Dev + WordPress + Security

How to Enable PHP Error Logging via htaccess

In this brief tutorial, I will show Apache users how to suppress PHP errors from visitors and enable PHP error logging via htaccess.

Tracking your site’s PHP errors is an excellent way to manage and troubleshoot unexpected issues related to plugins and themes. Even better, monitoring PHP errors behind the scenes via private log is far better than trying to catch them as they appear at random visits. Thanks to the magical powers of htaccess, there is an easy way to implement this effective strategy.

Hide PHP errors from visitors

In our article, , we discuss a technique whereby PHP errors are suppressed via htaccess. This is done by including the following directives to your domain’s httpd.conf or to your site’s root (or other target directory) htaccess file:

# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off

With that in place, PHP errors will no longer be displayed publicly on your site. This eliminates a potential security risk, and keeps those ugly, unintelligible PHP errors from breaking your site layout and disorienting your visitors. No editing required for this code.

Enable private PHP error logging

Now that we have hidden PHP errors from public view, let’s enable the logging of PHP errors so that we can privately keep track of them. This is done by including the following htaccess directives to your domain’s httpd.conf or to your site’s root (or other target directory) htaccess file:

# enable PHP error logging
php_flag  log_errors on
php_value error_log  /home/path/public_html/domain/PHP_errors.log

For this to work, you will need to edit the path in the last line to reflect the actual location of your PHP_errors.log file. Of course, you will need to create this file and subsequently set the file permissions to 755 or, if necessary, 777. Finally, you need to secure the log file itself by adding this final line of code to your htaccess file:

# prevent access to PHP error log
<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

Then, after everything is in place, check that everything is working by triggering a few PHP errors. You may also want to verify protection of your error log by trying to access it via a browser.

Jeff Starr
About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
GA Pro: Add Google Analytics to WordPress like a pro.

9 responses to “How to Enable PHP Error Logging via htaccess”

  1. Yr codes let my .htaccess spoilt…

    [ Editor’s note: comment edited to remove the redundant list of PHP errors.. ]

  2. Nvm. i think i got it mix up.

  3. Jeff Starr
    Perishable 2008/01/27 8:52 am

    Hopefully everything worked out for you, jonathan..

  4. Seems to cause an error 500 – Internal Server Error on my site…..

  5. Actually, it looks like they do, as the server is running under CGI:
    http://www.danodemano.com/php_info.php

    I’m going to contact the host and see what they can do about it. Thanks for the article, and the BLAZING fast response, keep up the great work!!


    Dan

  6. Jeff Starr
    Perishable 2008/04/28 3:28 pm

    Some hosts disable this feature by default.. If you have not already done so (and aren’t sure about it), I would contact your host and ask them if php error logging is enabled via htaccess. If necessary, use this article as a reference.

  7. Jeff Starr
    Perishable 2008/04/28 3:35 pm

    No sweat — let me know how it goes!

  8. Works like a charm.. You just saved my day. Thanks a million.

  9. Jeff Starr
    Jeff Starr 2009/05/27 7:22 am

    @JakubG: My pleasure — glad to be of service! :)

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
WP Themes In Depth: Build and sell awesome WordPress themes.
Thoughts
The Web was better before social media.
WP 5.8 Gutenberg/Block Widgets is breaking many sites. Fortunately Disable Gutenberg makes it easy to restore Classic Widgets with a click.
Easily the most common exploit scan for WordPress is /{path}/wp-login.php.
Pushing 110+ ℉ for several days now, expected for at least another week or so.
After 12 intense weeks the Plugin Planet redesign is now live. Much work still happening behind the scenes.
June, July, August historically are slow months on the Web. Perfect time to get some real work done (think projects).
Redesigning Plugin Planet is one the most challenging things I’ve done online. Almost there, about another two weeks ’til launch.
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.