How to Hide PHP Version

Hide PHP Version

PHP is an open source web scripting language that is widely use to build dynamic web pages. But its default installation leaves a hack and unneeded information called PHP version as X-Powered-By: PHP/X.x.x which help hackers to target your site for vulnerabilities; especially when you have installed an outdated software. So it is good thing to hide that vulnerability i.e., PHP Version from header.

Let’s see how we can disable it. In order to hide PHP version from website header just turn off the function in PHP.ini file called expose_php. One more thing many of us are use either PHP or PHP-FPM so the location of PHP.ini might be different and based on your Linux distribution this can be found in various places. Thus I have given all the possible locations; use command of whichever PHP you are using.

If you are using PHP the use following command,

nano /etc/php.ini

If you are using PHP-FPM use following command,

sudo nano /etc/php5/fpm/php.ini

Now find the expose_php and change its default value On to Off.

expose_php = Off

Hide PHP Version

Now restart PHP service.

To check whether it is working or not request for a response using below command.

curl -I

After making this change in PHP, it will no longer add its signature to the web server header. Also keep mind that doing this, will not make your server more secure. It will just prevent remote hosts to easily see that you have PHP installed on the system and what version you are running.

Written by
Join the discussion