WP Debug Toolkit 1.1.0 is LIVE. Get $300 discount on the lifetime deal now
Use Discount Code WPDTLTD
Get Started Now
Home
Features
Error Log Viewer
A Better Way to Check WordPress Logs
Query Viewer
Fast, Lightweight Database Monitoring
Email Alerts Viewer
Know About Issues Before Your Clients Do
Pricing
Account
Get WP Debug Toolkit
Home » Docs » Features » Viewer App » Custom viewer URL

Custom viewer URL

The WP Debug Toolkit (WPDT) standalone viewer is accessible at a URL based on a directory name in your web root. You can change this directory name from the default to any alphanumeric slug.

Default URL

After installation, the viewer is available at:

https://example.com/wpdebugtoolkit/

The directory wpdebugtoolkit is created in your web root alongside wp-content/, wp-admin/, and other WordPress directories.

Changing the URL

  1. Go to Debug Toolkit > Settings > Viewer.
  2. Find the Viewer URL field.
  3. Enter a custom directory name (e.g., debug-viewer, my-logs, site-monitor).
  4. Save the setting.

WPDT reinstalls the viewer at the new path. The old directory is removed and a new one is created with the same viewer files, configuration, and password.

Naming rules

The directory name can contain:

  • Letters (a–z, A–Z)
  • Numbers (0–9)
  • Hyphens (-)
  • Underscores (_)

Maximum length: 50 characters. Reserved directory names (wp-admin, wp-content, wp-includes, etc.) are not allowed.

When to change the URL

Reducing scanner noise. Automated security scanners and bots probe known paths. If wpdebugtoolkit shows up in scanner reports or generates unnecessary access log entries, changing the URL reduces that noise.

Organizational preference. If you manage multiple tools at the web root, you may want a shorter or more descriptive name.

Not a security measure

Changing the viewer URL does not make the viewer more secure. The viewer is protected by:

  • Mandatory password authentication (minimum 8 characters)
  • Progressive rate limiting on failed logins (5 seconds to 24-hour lockout)
  • 30-minute session timeout with IP binding
  • CSRF token validation on all state-changing actions
  • Security headers (Content-Security-Policy, X-Frame-Options, X-Content-Type-Options)
  • Path traversal protection with a blocked-files list
  • API action whitelist — only recognized actions are accepted
  • Query logs encrypted at rest
  • Sensitive data redaction in log output

These protections apply regardless of the directory name. An attacker who discovers the URL still faces password authentication and brute-force protection. Security through obscurity is not a substitute for real access controls, and WPDT does not rely on it.

After changing the URL

Update any bookmarks, saved links, or documentation that reference the old viewer URL. The old URL stops working immediately after the change — the directory is removed from the web root.

If you have team members who access the viewer, notify them of the new URL.

On this page
Home Features Support
Error Log Viewer
A Better Way to Check WordPress Logs
Query Viewer
Fast, Lightweight Database Monitoring
Site Monitor
Know About Issues Before Your Clients Do
Try WP Debug Toolkit
The best error log viewer with amazing developer tools to help you troubleshoot your WordPress site securely and efficiently. Something something more.
Try Now
Get WP Debug Toolkit