How to hide PHP version?

Published in

on

PHP is an open-source web scripting language that is widely used to build dynamic web pages. But its default installation leaves a hack and unneeded information called PHP version as X-Powered-By: PHP/X.x.x which help hackers to target your site for various vulnerabilities; especially when you have installed an outdated software. So it is a good thing to hide that vulnerability i.e., PHP Version from the header.

Let’s see how we can disable it. In order to hide PHP version from website header just turn off the function in PHP.ini file called expose_php. One more thing many of us are using either PHP or PHP-FPM so the location of PHP.ini might be different and based on your Linux distribution this can be found in various places. Thus I have given all the possible locations; use the command of whichever PHP you are using.

If you are using PHP the use following command,

nano /etc/php.ini

If you are using PHP-FPM use following command,

sudo nano /etc/php5/fpm/php.ini

Now find the expose_php and change its default value On to Off.

expose_php = Off
Hide PHP Version

Now restart PHP service.

To check whether it is working or not request for a response using below command.

curl -I http://www.YourDomainName.com

After making this change in PHP, it will no longer add its signature to the webserver header. Also keep mind that doing this, will not make your server more secure.

It will just prevent remote hosts to see what version of PHP software is installed.

Leave a Reply

Your email address will not be published. Required fields are marked *