How to hide PHP version information and Why? By default, when your PHP processes php scripts, it adds the “X-Powered By” and displays the version number and information. Like Apache, it is not good to expose your PHP information to the public. Please follow the below steps to hide it from the public.
Find your main PHP configuration file.
php -i | grep php.ini
You will get the location of your main php.ini file from this. Edit the file, and you can see the below lines.
vim /etc/php.ini --- expose_php = on ---
Edit it as follows.
expose_php = off
Restart Apache
/etc/init.d/httpd restart
So that’s how you disable PHP version information. If you want to check the working, execute “curl -I http://yourdomain.com” in your shell before and after making the changes, and you can see the difference. If you check the header before making the changes, you can see something like the example given below.
HEAD http://yourdomain.com/index.php 200 OK Connection: close Date: The date goes here Server: Apache Content-Type: text/html; charset=UTF-8 Client-Date: Client date here Client-Peer: Client IP here Client-Response-Num: 1 X-Powered-By: PHP/5.x.x ( PHP version here )
After making the changes, you can see it’s no longer showing the PHP version. Actually, this won’t prevent hacking. But attackers won’t easily see what PHP version you have installed in your server. So this is something you have to do if you are concerned about the safety of your server.
If you want to disable Apache header information, please follow the steps mentioned in the article – How to Disable Apache Header Information: Easy Steps.
