Error Reporting in Drupal
By default, when Drupal content management system encounters an PHP error (which can be due to code bugs in the software, templates, server, or any number of reasons), Drupal’s error reporting will log the errors to both the log and to the screen.
This is fine during theme development when it is helpful to see the errors displayed on the webpage. However, in a production system, this can be a security risk. Displaying code errors in a production system will provide information to hackers that can exploit the system.
As recommended by the Drupal admin setting page instruction, it says …
“While it is recommended that a site running in a production environment write errors to the log only, in a development or testing environment it may be helpful to write errors both to the log and to the screen.”
So for a live website, you should change the error reporting setting to “Writer errors to the log” as shown below. This setting can be accessed by logging into the Drupal admin and going into “Administer -> Site Configuration -> Error Reporting”.
On the same settings page, you will notice that you can also have Drupal redirect 403 (access denied error) and 404 (page not found error) to a particular page that you specify.