Many popular CMSs are based on PHP and it is almost like backbone to them. They also play a very integral role in their security. Just like servers using outdated Apache or Nginx verion they also use outdated PHP for their functionalities and this is a big security issue. Hackers can easily take advantage of this and plant some critical bugs.
We can easily turn off server signature to hide server version but for hiding the PHP version it is a bit hectic task. Below you can see the difference, in the first screenshot we can find the PHP version (5.4.25) and in the second screenshot it is not present. We removed it from the HTTP headers. We can use any tool related to HTTP Headers for finding it.
Before Hiding PHP Version
After Hiding PHP Version
Hide PHP Version – How To Do It?
Due to a core PHP.ini configuration directive called expose_php the servers are displaying the PHP version by default. So we are now going to turn it off.
We can use our File Manager or any FTP client like Filezilla to access your server. Now we have to find php.ini file. This will be normally located at /usr/local/lib/php.ini and it might vary according to your server configuration. If you are not able to access it, you can ask your hosting about changing your permissions to access those files.
Now before we do anything silly, we better take a backup of that file. (IMPORTANT)
Now open that file using any text editor (like notepad or wordpad) and add this line:
expose_php = off
Now save it. Make sure it is saved in the same location and it is not saved as .txt file.
php.ini is a valuable file, it should be handled carefully and if you are facing any difficulties do let us know in the comments. If you want to hide PHP version and you are not comfortable with performing these steps, then you can kindly request your web hosting support to do this for you.
That’s it. Now we have successfully removed the PHP version of your server and now even if the version is outdated, the hackers won’t be able to know it (well, know it easily). But it is always recommended to have your server updated with the latest PHP version, kindly make sure your server does that often.
1 thought on “How To Hide PHP Version Of Your Web Server”
This is really impressive. Its a good way to protect site from hacker. Nice tips.