Turn Off Server Signature for Better Server Security

Do you turn off server signature for better site security? Just like you turned off the visibility of your WordPress version, why do you want hackers to know about your server signature which clearly displays your private server details like your Apache version.

Server Signature

It is very easy for anyone to view your Apache versions and other installed critical software on your server, and if you don’t upgrade your server software like Apache to the latest versions, and fail to fix security issues which these upgrades fix, then you don’t want anyone online to be aware about your server details. Any simple online tool will show HTTP site headers of any site. This is a sample site I checked.

server signature on

As you can see it is very easy to see all the server details, and hackers can get a good idea about servers which haven’t been upgraded to the latest software versions, which means to say that your server is not adequately patched with security fixes and is prone to hacking.

Turn off server signature

So if you want to quickly check if your site hosting server is revealing your server signature to the world, simply use this site to check server signature  and you can find out if your server signature is off. It is a good idea to turn off your server signature for better site security.

check server signature

How do you turn off server signature? Well we got our amazing hosting service provider Knownhost to fix the issue. Our hosting service fixed the issue after we sent them an support request quickly. Probably if you are an expert in managing servers (like many amazing QOT readers!), you can fix it yourself.

They informed me that they added the following values in the Apache configuration file to switch off the Server Signature.
ServerSignature Off
ServerTokens ProductOnly

If you login to WHM  > Service Configuration > Apache Configuration

server signature options

Now with the server signature off, see how your HTTP site headers will look like.if

server signature off

I just browsed the server details of several top websites, surprisingly which are running on very old software versions! So what are you waiting for, if  went ahead to hide WordPress version, then you should go ahead and switch off server signature right now for better server security and site safety.

Share with friends

About the Author: P Chandra is editor of QOT, one of India's earliest tech bloggers since 2004. A tech enthusiast with expertise in coding, WordPress, web tools, SEO and DIY hacks.