How to Hide PHP Version in Linux

In general, most of the web server software has been installed with default settings that will lead to information leakage. One of them is a PHP software. PHP (Hypertest Preprocessor) is one of the most popular server-side HTML embedded scripting language for the websites today. In the current challenging times, there are lots of attacker will try to discover the weaknesses in your your server system. Hence, i will describe the simple way to hide the PHP information in Linux server.

By default expose_php is set to On. Turning off the “expose_php” parameter causes that PHP will hide it version details.

[root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line containing expose_php On and set it to Off:

expose_php = Off

Before the changes, web server header will look like below :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

After the changes, PHP will no longer show the version to the web server header :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Feb 2015 15:38:14 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache
Leave a Reply

Your email address will not be published. Required fields are marked *

SiteGround.com

A world leading hosting company that provides fully-managed innovative and secure solutions, suitable for hosting small to medium-sized websites

Built on the best available technologies combined with Google Cloud for strong redundancy and application availability. Backed by skilled experts to address web security threats, a devops team to create advanced custom security solutions, and 24/7 sysadmins to watch over the platform. This powerful, hands-on approach makes your sites faster, safer, and easier to manage. Starting from only $3.95/mo.

TRY FREE

* up to 30 days money back guarantee