alexstandiford
commented
3 years ago Resolved in Logger loader 2.0 by saving directly to the PHP log instead. This is much more-secure, and gives more control over how these items are logged.
Closed alexstandiford closed 3 years ago
alexstandiford
commented
3 years ago Resolved in Logger loader 2.0 by saving directly to the PHP log instead. This is much more-secure, and gives more control over how these items are logged.
Event logs are saved in the uploads directory, directly inside of a directory called
underpin-event-logsOn many servers, this makes it possible to access these files directly without authentication, as long as you know the path to the file. This should probably be replaced with some sort-of hash for the directory name.
This could be done using something like
wp_hash( home_url( '/' ) ), which would generate a hash for the directory unique to the specific site, and make it harder to access the log directly.