Security by obscurity is no security at all. On the other hand you don’t want to give away information about your site either. Today’s tip is a simple one but one that is often overlooked in production environments.
Make sure you do not display errors and potentially leak information about your site.
display_errors = Off in your php.ini of your production server will prevent you from leaking information that may give intruders hints to the structure of your system. By default,
display_errors = On.
You can find more information and error reporting options in the manual’s Error Handling and Logging Functions Introduction section.