PHP errors enabled

Description

The display_errors directive determines whether error messages should be sent to the browser. These messages frequently contain sensitive information about your web application environment, and should never be presented to untrusted sources.

display_errors is on by default.

Remediation

You can disable display_errors from php.ini or .htaccess.

php.ini
display_errors = 'off'
log_errors = 'on'

.htaccess
php_flag display_errors off
php_flag log_errors on

References
Severity
Classification
Tags
  • Configuration   Information Disclosure