Not logging errors makes production debugging impossible:
- Silent failures - Errors happen, nobody knows
- Can't reproduce - User reports "it doesn't work"
- No context - When did it fail? For whom?
- Lost information - Exception details gone
// Silent failure
if (!$result) {
return false; // Nobody knows it failed!
}
// No context
error_log('Save failed'); // Which save? When? Why?
// var_dump in production
var_dump($data); // Goes to browser, not logs!// Log with context
if (!$result) {
error_log(sprintf(
'Payment failed for user %d, amount $%s at %s',
get_current_user_id(),
$amount,
current_time('mysql')
));
return false;
}
// Structured logging
error_log('STRUCTURED: ' . wp_json_encode([
'event' => 'payment_failed',
'user_id' => get_current_user_id(),
'amount' => $amount,
'timestamp' => current_time('c'),
]));- ✅ Errors and exceptions
- ✅ Failed operations
- ✅ Security events (login attempts)
- ✅ Critical state changes
- ✅ Performance issues
- User ID
- Timestamp
- Values that failed
- IP address (for security)
- Original error messages
- ❌ Passwords
- ❌ API keys / tokens
- ❌ Credit card numbers / CVV
- ❌ Social Security Numbers (SSN)
- ❌ Bank account numbers
- ❌ Full email addresses (mask: ***@domain.com)
- ❌ Full phone numbers (mask: --1234)
- ❌ Personal addresses
- ❌ Session tokens
- ❌ Any PII (GDPR/CCPA violation)
When you must log user data:
// BAD: Logs everything including credit card
error_log('Order: ' . print_r($order_data, true));
// GOOD: Log only non-sensitive identifiers
$safe_data = [
'order_id' => $order_data['order_id'],
'user_id' => $order_data['user_id'],
'total' => $order_data['total'],
// NO credit card, NO address, NO full email
];
error_log('Order: ' . wp_json_encode($safe_data));
// GOOD: Mask sensitive parts
$last_four = substr($card_number, -4);
error_log("Payment saved - Card ending: ****{$last_four}");Why this matters:
- GDPR/CCPA compliance - Logging personal data violates privacy laws
- PCI-DSS compliance - Credit card data must never be logged
- Security risk - Logs are often less secure than databases
- Data breach liability - Logged data can be subpoenaed
[DEBUG] Starting process
[INFO] Process completed
[WARNING] Slow query detected
[ERROR] Database connection failed
[CRITICAL] Payment gateway down!// wp-config.php
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);
// Logs to: wp-content/debug.log✅ Log all errors with context
✅ Use consistent format
✅ Include timestamps, user IDs
✅ Use log levels (DEBUG, ERROR, etc.)
✅ Never log sensitive data
✅ Monitor error rates
✅ Integrate with monitoring tools
❌ Don't fail silently
❌ Don't use var_dump in production
❌ Don't log passwords
❌ Don't skip error context
❌ Don't log to random locations