I have been using WebsiteDefender on one of my sites, after it was hacked. I recently moved the site to another (shared) hosting company, and WebsiteDefender gave me the following report:
The display_error PHP configuration directive is enabled. This means that untrusted sources can see detailed web application environment error messages which might include sensitive information which can be used to craft further attacks.
You can disable display_errors from php.ini or .htaccess.
display_errors = 'off'
log_errors = 'on'
php_flag display_errors off
php_flag log_errors on
I added the lines above to my .htaccess file, but that caused a server 500 error when I tried to view the site.
Any help would be appreciated.