While debugging a PHP application, you might need to see errors directly in your browser. The display_errors directive makes this possible, but leaving it active on a live website creates a significant security risk. This guide provides a complete walkthrough to enable or disable PHP display_errors in cPanel using the CloudLinux Selector, ensuring you can debug effectively without compromising your site’s security.
Table of Contents
Why Managing PHP display_errors is Critical
Properly managing your PHP error display settings is a fundamental part of website security. When display_errors is enabled on a production server, detailed error messages can be exposed to any visitor. These messages often contain sensitive information about your server environment, such as file paths, database table names, and code logic. Malicious actors can use this information to map out your application’s structure and identify potential vulnerabilities for an attack. Safeguarding this information is a key component of a strong Web Application Security (WAF) posture.
Configure display_errors in cPanel Step-by-Step
You can easily toggle this setting within your cPanel account using the CloudLinux PHP Selector. This tool provides a simple graphical interface for managing your PHP configuration without needing to edit files manually. Follow these steps carefully.
- Log into your cPanel Account
Begin by accessing your cPanel dashboard using your provided credentials. - Navigate to Select PHP Version
In the Software section, find and click on the Select PHP Version icon. This will take you to the CloudLinux PHP Selector interface, where you can manage various settings for your account.
- Switch to the Options Tab
At the top of the PHP Selector page, click on the Options tab to view the configurable PHP directives for your selected PHP version.
Important Note: If this page displays an error mentioning the ‘native’ PHP version, you must first return to the Extensions tab and use the dropdown menu to change PHP version to any non-native option (for example, 7.4 or 8.1). After changing it, return to the Options tab. - Enable or Disable display_errors
Scroll through the list of options to find the display_errors directive. To enable it for debugging, check the box next to it. To disable it for security, make sure the box is unchecked. The change is saved automatically.
Best Practices for PHP Error Handling
While enabling display_errors is useful in a development or staging environment, it should always be disabled on a live production website. For production sites, the correct approach is to log errors to a private file on the server. This allows you to review and fix issues without exposing any sensitive information to the public. You can typically define an error log file within your PHP settings or your application’s framework. For complex server configurations or persistent issues, consider leveraging Managed IT Services to ensure your environment is both performant and secure.
Frequently Asked Questions
Here are answers to common questions about managing PHP’s display_errors setting.
display_errors is a core PHP directive that determines whether error messages generated by a script are sent to the web browser as part of the output. It is intended for development purposes only.
No, it is not safe. Enabling display_errors on a live website is a serious security risk because it can reveal server paths, database details, and other sensitive information that could be exploited by attackers.
The best practice is to enable PHP error logging. This writes all errors to a secure log file on the server that you can access and review privately, without exposing any information to website visitors.
The CloudLinux Selector is a feature in cPanel that allows users to select specific PHP versions and manage common PHP extensions and settings like display_errors or the change PHP memory limit on a per-account basis.
The ‘native’ PHP version is the default version installed by the server administrator. Its settings are global and cannot be modified by individual cPanel users through the PHP Selector. To customize settings, you must first select a non-native PHP version for your account.
