PHP is an open-source web scripting language that is widely used to build dynamic web pages. But its default installation leaves a hack and unneeded information called PHP version as X-Powered-By: PHP/X.x.x which help hackers to target your site for various vulnerabilities; especially when you have installed an outdated software. So it is a good thing to hide that vulnerability i.e., PHP Version from the header.
Let’s see how we can disable it. In order to hide PHP version from website header just turn off the function in PHP.ini file called expose_php. One more thing many of us are using either PHP or PHP-FPM so the location of PHP.ini might be different and based on your Linux distribution this can be found in various places. Thus I have given all the possible locations; use the command of whichever PHP you are using.
If you are using PHP the use following command,
nano /etc/php.ini
If you are using PHP-FPM use following command,
sudo nano /etc/php5/fpm/php.ini
Now find the expose_php and change its default value On to Off.
expose_php = Off
Now restart PHP service.
To check whether it is working or not request for a response using below command.
curl -I http://www.YourDomainName.com
After making this change in PHP, it will no longer add its signature to the webserver header. Also keep mind that doing this, will not make your server more secure.
It will just prevent remote hosts to see what version of PHP software is installed.
Leave a Reply