I have an up and running WordPress site for some time.
Lately, I noticed somebody or something is making requests to www.example/wp-admin/setup-config.php?step=0. Which is resulting in these entries in my error log?
PHP Warning: Use of undefined constant DB_USER - assumed 'DB_USER' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0│
undefined constant DB_PASSWORD - assumed 'DB_PASSWORD' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example-admin/setup-config.php?step=0
undefined constant DB_NAME - assumed 'DB_NAME' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0
undefined constant DB_HOST - assumed 'DB_HOST' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0
When I visit www.example/wp-admin/setup-config.php?step=0 I see the above errors are added to the error.log and the normal message as expected in my browser:
The file wp-config.php already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try installing now.
The site is working properly. Of course, I do not want to run the config script. And DB_USER, DB_PASSWORD, DB_NAME and DB_HOST are defined my wp-config.php file.
A How can I prevent unwanted access to the setup-config.php file? B If people are requesting setup-config.php. How do I prevent the error.log from being cluttered?
I do not want to disable logging warnings
I have an up and running WordPress site for some time.
Lately, I noticed somebody or something is making requests to www.example/wp-admin/setup-config.php?step=0. Which is resulting in these entries in my error log?
PHP Warning: Use of undefined constant DB_USER - assumed 'DB_USER' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0│
undefined constant DB_PASSWORD - assumed 'DB_PASSWORD' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example-admin/setup-config.php?step=0
undefined constant DB_NAME - assumed 'DB_NAME' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0
undefined constant DB_HOST - assumed 'DB_HOST' (this will throw an Error in a future version of PHP) in /var/www/html/wp-includes/load.php on line 404, referer: example/wp-admin/setup-config.php?step=0
When I visit www.example/wp-admin/setup-config.php?step=0 I see the above errors are added to the error.log and the normal message as expected in my browser:
The file wp-config.php already exists. If you need to reset any of the configuration items in this file, please delete it first. You may try installing now.
The site is working properly. Of course, I do not want to run the config script. And DB_USER, DB_PASSWORD, DB_NAME and DB_HOST are defined my wp-config.php file.
A How can I prevent unwanted access to the setup-config.php file? B If people are requesting setup-config.php. How do I prevent the error.log from being cluttered?
I do not want to disable logging warnings
Share Improve this question edited Nov 8, 2018 at 14:17 Gufran Hasan 6918 silver badges20 bronze badges asked Nov 8, 2018 at 9:26 FlorianFlorian 1759 bronze badges1 Answer
Reset to default 1You can place a .htaccess file in the folder wp-admin with the following content:
<Files "setup-config.php">
Order Deny,Allow
Deny from all
</Files>
Optionally you can add the line Allow from {your ip address} after Deny from all, so you can access the file.