How to Hide PHP Version?

Published on November 8th, 2015 by

PHP is an open-source web scripting language that is widely used to build dynamic web pages. But its default installation leaves a hack and unneeded information called PHP version as X-Powered-By: PHP/X.x.x which help hackers to target your site for various vulnerabilities; especially when you have installed an outdated software. So it is a good thing to hide that vulnerability i.e., PHP Version from the header.

Let’s see how we can disable it. In order to hide PHP version from website header just turn off the function in PHP.ini file called expose_php. One more thing many of us are using either PHP or PHP-FPM so the location of PHP.ini might be different and based on your Linux distribution this can be found in various places. Thus I have given all the possible locations; use the command of whichever PHP you are using.

If you are using PHP the use following command,

nano /etc/php.ini

If you are using PHP-FPM use following command,

sudo nano /etc/php5/fpm/php.ini

Now find the expose_php and change its default value On to Off.

expose_php = Off
Hide PHP Version

Now restart PHP service.

To check whether it is working or not request for a response using below command.

curl -I

After making this change in PHP, it will no longer add its signature to the webserver header. Also keep mind that doing this, will not make your server more secure.

It will just prevent remote hosts to see what version of PHP software is installed.

Published in Tech Tutorials
Labeled with

About AtulHost

Hi, I'm Atul Kumar Pandey; also known as AtulHost on the web, a blogger by profession with an objective of sharing fresh and real contents in the business and technical topics; from contents to useful resources it's all here.

Leave a Reply