AITpro

Thanks dewebkiller for taking the time to leave a review. Very much appreciated! Sorry for the delay in getting back to you > was travelling. I can answer your questions in the WordPress support topic that you posted.

Thanks elanaborth for taking the time to leave a review. Very much appreciated!

Ah ok then the reason for that is you either have the display_errors directive set to On instead of Off in your php.ini or .user.ini file under the root of your hosting account or you have WP_DEBUG set to display errors in your wp-config.php file. See the WordPress WP_DEBUG code below. You should always have WP_DEBUG set to false on a Production/Live website and only set the value to true briefly when debugging. Some web hosts allow you to set display_errors values in your web host control panel. If your web host does not have the feature then you would create a plain text file called either php.ini or .user.ini and add this directive in the file: display_errors=Off and upload the file to your hosting account root folder.

define('WP_DEBUG', false);
define('WP_DEBUG_LOG', false);
define('WP_DEBUG_DISPLAY', false);

A PHP error log cannot be viewed externally by someone else unless there is some kind of problem with file permissions. So that hosting account path would only be viewable by someone who either has hosting account access or WordPress Administrator access. Try viewing your PHP error log from a browser and let me know if you can view it externally. You would need to use the URL path and not a file path. example: https://www.example.com/error_log

Where are you seeing the PHP errors? In your PHP error log or somewhere else? What vulnerability scanner are you using? A plugin? An online scanner?

• This reply was modified 1 year ago by AITpro.

Just checked the site again and it is working fine. I see one possible cause for the 403 error.

Add this plugin whitelist rule below in the Plugin Firewall > Plugins Script|File Whitelist Text Area > click the Save Whitelist Options button > click the Plugin Firewall > Activate button.

/nm-wishlist/assets/js/(.).js(.)

I tested the Query Strings and they did not generate a 403 error on my test site. The Query String contains one half of a security condition that would be blocked by the DB SQL security filter, but without one of the other various conditions it would not be blocked. Post the BPS Security Log entry that shows what is being blocked in WC.

• This reply was modified 1 year, 2 months ago by AITpro.

Thanks Ocala Website Designs for taking the time to leave a review. Very much appreciated!