Discovered wp-app.log File

A wp-app.log file is present.

  • exposure
  • logs

wp-app.log (Application Logfile) is a log file that is used by WordPress to log information about the application. However, sensitive information might be included in the files.

Impact

Attackers can trivially retrieve any sensitive information that is present in the file. This may include a logged session token, user’s login credentials or other sensitive information.

Solution

Remove the wp-app.log file. It should not be present in a production environment.

Was this page helpful?