Disable PHP error reporting
PHP error reporting can be exploited by hackers to glean information about your hosting, website platform or CMS and where to focus their attention to take advantage of known weaknesses in software or applications.
Interrogating error messages and the header information provided can yield the following information :
- Host operating system
- Which Control Panel is being used
- Which plugins are being used…etc.
Having this information a hacker can narrow their attention to be specific to your environment.
This should be covered in a WordPress Security Maintenance review.