diff --git a/WordPress-Security-Tips.md b/WordPress-Security-Tips.md index bfc1802..5c4f71c 100644 --- a/WordPress-Security-Tips.md +++ b/WordPress-Security-Tips.md @@ -84,6 +84,15 @@ It is recommended that only plugins published on the official WordPress plugins Backup files should not be stored within a public web directory. The backup file names may be guessed via the use of brute force techniques. +Solution: switch off debugging. +Change these lines in the 'wp-config.php' file: +``` +// Switch off debugging. +define('WP_DEBUG', false); +// Switch off debug logging. +define('WP_DEBUG_LOG', false); +``` + **20. Remove 'Powered by WordPress' from the blog's footer.** Attackers may use search engines to find potential vulnerable victims. By removing the 'powered by' text it may help in preventing basic attacker enumeration.
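Review bot: The added "Solution: switch off debugging." block sits directly after the backup-files paragraph ("Backup files should not be stored within a public web directory."), so as placed it reads as the fix for guessable backup file names, which it does not address. Move it under the tip that covers debug output, or open it with a sentence that names the debug-logging risk it resolves. The wording "Change these lines" also assumes both defines already exist in 'wp-config.php'; say "add or change" instead. It is worth adding that setting WP_DEBUG_LOG to false only stops new writes, so an existing wp-content/debug.log still has to be deleted or moved out of the web root. Consider adding `define('WP_DEBUG_DISPLAY', false);` as well, so errors are not rendered to visitors.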