So the question is what to do in such cases?
Suppose that he/she tries to access these pages…what must I present to him?
Try defining a LOCALHOST constant that only allows certain scripts to run locally:
<?php
defined('LOCALHOST') ?: define('LOCALHOST', 'localhost' === $_SERVER['SERVER_NAME']);
// DEFAULT to ONLINE
error_reporting(0); ini_set("display_errors", "0");
if(LOCALHOST)
{
error_reporting(-1); ini_set("display_errors", 1);
}
///
echo LOCALHOST ? "DEBUGGING AND SENSITIVE INFORMATION" : NULL;