When it comes to WordPress development or if you’re curious and open up any of its files to look at the code, you’ll come across some that contain something about “Silence is Golden”. If you’re wondering about what Silence is Golden is and what it does for WordPress, you’re in luck. In this article, you’ll learn about the Silence is Golden directive, some history, as well as some pros and cons if you enable or disable it.
Silence is Golden - What is that?
The Silence is Golden is a PHP directive that is used in WordPress to stop WordPress from displaying errors and warnings to the public. This means that if your site has an error, then it might not show it to your visitors on the frontend web page. Now, this doesn’t mean that it will always prevent all errors from showing, but it sometimes does. For example, if a plugin didn’t update right and instead of getting a PHP error, you might get a general nice looking WordPress error message displayed on the website.
Where does “Silence is Golden” come from?
Before explaining about the Silence is Golden directive, interestingly enough, there’s an origin to it. The phrase "Silence is golden" is originally a proverb that means that it is sometimes better to say nothing at all. This proverb was used to let people know that they should think before they speak, and to not be rash in possibly saying things that they may come to regret later.
The phrase’s history has findings originating in ancient Egypt, where it was a way to caution against anyone who gossips. It also popped up in both ancient Greece and Rome, and appeared in the writings of several philosophers like Plato and Aristotle. However, other references have said that it was part of a longer phrase “Speech is Silver, Silence is Golden” from the ninth century of Arabic culture, but also was considered an Italian proverb.
Pretty cool, but what does an old proverb have to do with WordPress?
The Silence is Golden Directive - Security and Performance
The Silence is Golden directive is usually in place to give better performance and security in a WordPress website. It hides PHP pages from easily being scraped or exploited by hacks or bots. Typically when WordPress comes up with an error or warning, it will display the error or warning in the browser, which would be visible to your visitors.
Unfortunately, when such error messages can be seen by the public, this can potentially become a security risk. The error message itself can indicate to bots or hackers information that could possibly become a vulnerability, and attract malware in WordPress. Furthermore, these errors or warnings can slow down a WordPress site because the content management system (CMS) has to take time checking the database and then posting the error to the frontend of the website. The directive is usually found in most index.php files of every folder within the WordPress core installation files. It looks like:
<?php // Silence is golden.
The only index.php that the directive is not located in, is the top level index.php file of the WordPress core installation files.
The Silence is Golden directive tells WordPress to prevent showing errors and warnings on the frontend of the website. However, you can also do this by adding the following code snippet to the wp-config.php file:
define( 'WP_DEBUG', false );
If you decide to use this small line of code, it’s important to use it with caution. The reason for this is that when WP_DEBUG is turned off, WordPress won’t show any errors or warnings in the browser to your visitors. This will also ensure that WordPress won’t slow down or become a vulnerability. Now, on the other hand, if you set the part that says false to true, then it will display those errors.
However, it is important to note that when you disable errors and warnings, when you do have an actual issue that needs to be troubleshooted because the site isn’t working as expected. In the case that you’re experiencing issues where your site is getting sluggish or not working properly, you will want to turn off the Silence is Golden direction so you can find out where the problem is occurring.
It’s important that you make sure to keep the Silence is golden within the index.php files of your core WordPress installation as it acts like a placeholder that will protect your files from easily being seen by bots and hackers. In a way, WordPress has been helpful in adding this by default to help harden your website’s security. In the case that there are any other lines of code within those files, they may be malware, and you will need to clean and secure your WordPress site.
Pros and Cons of the Silence is Golden directive
While you’ve learned about the Silence is Golden PHP directive, as well as the origination of the phrase, and a brief intro of its uses, to sum whether you should use it or not, here are some pros and cons.
Pros
Cons
Pros of using the Silence is Golden directive
- Improves security
When you enable Silence is Golden, you can prevent displaying errors and warnings, which WordPress is less likely to be exploited by malware and hackings.
- Improves performance
The Silence is Golden directive ensures that WordPress, both the admin area and frontend of the website will load faster, instead of being slowed down while generating errors and warnings.
- Makes it easier to debug problems
When experiencing problems with your WordPress website, like an update didn’t do well or there’s a conflict of a plugin or theme, disabling the directive will allow you to troubleshoot and fix the issue.
Cons using the Silence is Golden directive
- Can possibly make it difficult to debug problems
When you have the Silence is Golden PHP directive enabled, you might find it difficult to see what errors are happening that will tell you in general where to troubleshoot the issue.
In Summary
When it comes to security and performance, you may find the Silence is Golden directive in WordPress a pretty useful tool. If you’re a beginner user, this may still be a bit much, especially if you’re still learning how to troubleshoot WordPress. However, as you get more comfortable with managing your WordPress site, hopefully this article has helped explain well about the directive so you can make an informed choice of whether to enable or disable it.
Frequently Asked Questions
How secure is PHP?
PHP has an excellent security reputation and the developers are constantly making updates. Plus, you’ll benefit from additional security measures for your site by opting for a managed hosting package.
Can I contact the PHP developers?
Not directly, however, over on PHP.net you’ll find an extensive range of patch update information, forums, and articles that will answer the majority of your technical questions.
Who is responsible for PHP bugs and security issues?
Any fixes will primarily be covered by the PHP developers, and regular updates are pushed out. Under a managed hosting solution, Verpex will make sure any updates are applied to your site as soon as they’re ready.
What content management sytems use PHP?
All of the most popular content management systems are compatible with PHP including, WordPress, Joomla, Drupal, and Magento
Nile Flores is a long time professional blogger, as well as WordPress website designer and developer from the St. Louis Metro East. Nile blogs at NileFlores.com, where she’s passionate about helping website owners, whether they’re small business owners or bloggers. She teaches about Blogging, Social Media, Search Engine Optimization, Website Design, and WordPress. Additionally, Nile loves to speak at WordCamps (WordPress conferences) across the United States. When Nile isn’t knee-deep in coding, she’s a proud mom of a college student, and enjoys oil painting, cigar smoking, nail art design, and practicing traditional Okinawan kempo karate.
View all posts by Nile Flores
