Error warnings for PHP are helpful during development, where you can use them for debugging. Showing the same errors and warnings in a production environment could pose a security risk as it could expose sensitive and exploitable information about the system.

Warning and error reporting in PHP are configured via the display_error error_reporting directives. display_error defines if errors are displayed at all, while error_reporting allows you to specify the type or level of errors to show.

Steps to remove error and warning messages in PHP:

  1. Open PHP configuration file using your preferred text editor. 

    $ sudo vi /etc/php/7.4/apache2/php.ini

    Related: PHP configuration files

  2. Search for display_error directive. 

    ; This directive controls whether or not and where PHP will output errors, ; notices and warnings too. Error output is very useful during development, but ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. ; For production environments, we recommend logging errors rather than ; sending them to STDOUT. ; Possible Values: ;   Off = Do not display any errors ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!) ;   On or stdout = Display errors to STDOUT ; Default Value: On ; Development Value: On ; Production Value: Off ; http://php.net/display-errors display_errors = On

  3. Set the value to Off if you don't want to see any error or warning messages at all. 

    display_errors = Off

    Set the value to On instead to further tune the types of messages to display using error_reporting directive.

  4. Search for error_reporting directive. 

    ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;  ; This directive informs PHP of which errors, warnings and notices you would like ; it to take action for. The recommended way of setting values for this ; directive is through the use of the error level constants and bitwise ; operators. The error level constants are below here for convenience as well as ; some common settings and their meanings. ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT ; those related to E_NOTICE and E_STRICT, which together cover best practices and ; recommended coding standards in PHP. For performance reasons, this is the ; recommend error reporting setting. Your production server shouldn't be wasting ; resources complaining about best practices and coding standards. That's what ; development servers and development settings are for. ; Note: The php.ini-development file has this setting as E_ALL. This ; means it pretty much reports everything which is exactly what you want during ; development and early testing. ; ; Error Level Constants: ; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0) ; E_ERROR           - fatal run-time errors ; E_RECOVERABLE_ERROR  - almost fatal run-time errors ; E_WARNING         - run-time warnings (non-fatal errors) ; E_PARSE           - compile-time parse errors ; E_NOTICE          - run-time notices (these are warnings which often result ;                     from a bug in your code, but it's possible that it was ;                     intentional (e.g., using an uninitialized variable and ;                     relying on the fact it is automatically initialized to an ;                     empty string) ; E_STRICT          - run-time notices, enable to have PHP suggest changes ;                     to your code which will ensure the best interoperability ;                     and forward compatibility of your code ; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's ;                     initial startup ; E_COMPILE_ERROR   - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ; E_USER_ERROR      - user-generated error message ; E_USER_WARNING    - user-generated warning message ; E_USER_NOTICE     - user-generated notice message ; E_DEPRECATED      - warn about code that will not work in future versions ;                     of PHP ; E_USER_DEPRECATED - user-generated deprecation warnings ; ; Common Values: ;   E_ALL (Show all errors, warnings and notices including coding standards.) ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices) ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.) ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors) ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT ; http://php.net/error-reporting error_reporting = E_ALL

  5. Set error_reporting values to the types of messages to display. 

    error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

  6. Restart your web server for changes to take effect. 

    $ sudo systemctl restart apache2

    Related: How to manage Apache service