{"id":26435,"date":"2012-05-26T12:20:47","date_gmt":"2012-05-26T06:50:47","guid":{"rendered":"https:\/\/www.quickonlinetips.com\/archives\/?p=26435"},"modified":"2020-05-24T10:58:38","modified_gmt":"2020-05-24T05:28:38","slug":"hide-php-version-in-site-headers","status":"publish","type":"post","link":"https:\/\/www.quickonlinetips.com\/archives\/2012\/05\/hide-php-version-in-site-headers\/","title":{"rendered":"How to Hide PHP Version in Site HTTP Headers"},"content":{"rendered":"<p>You must hide the PHP version of your server in site headers for better site security. It is essential that you keep the PHP version on your server updated, as newer versions fix security bugs and bring new features. I found that even after you <a href=\"https:\/\/www.quickonlinetips.com\/archives\/2012\/05\/turn-off-server-signature\/\">turn off server signature<\/a> to hide server details and your Apache version, the X-Powered-By PHP version still appears in the site headers.<\/p>\n<p>For example, if you simply <a href=\"http:\/\/www.whatsmyip.org\/http-response-headers\/\" target=\"_blank\" rel=\"noopener noreferrer\">check site headers<\/a> of some site, you will get X-Powered-By: PHP\/5.3.10<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-26526\" title=\"hide-php\" src=\"https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/hide-php.png\" alt=\"hide php version\" width=\"351\" height=\"76\" srcset=\"https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/hide-php.png 351w, https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/hide-php-150x32.png 150w, https:\/\/www.quickonlinetips.com\/archives\/wp-content\/uploads\/hide-php-300x64.png 300w\" sizes=\"(max-width: 351px) 100vw, 351px\" \/><\/p>\n<p>While you thought only you could <a href=\"https:\/\/www.quickonlinetips.com\/archives\/2009\/04\/find-server-php-version\/\">find the PHP version<\/a> of your server, or needed a <a 
href=\"https:\/\/www.quickonlinetips.com\/archives\/2011\/07\/find-wordpress-php-mysql-versions\/\">PHP version plugin<\/a>, now you see how easy it is for anyone to see your server details. And hackers can easily find out <em>known<\/em> security holes of that version and attack your server.<\/p>\n<h3>Hide PHP version<\/h3>\n<p>So how do you hide the PHP version? Servers display the PHP version by default due to <a href=\"http:\/\/www.php.net\/manual\/en\/ini.core.php#ini.expose-php\" target=\"_blank\" rel=\"noopener noreferrer\">expose_php<\/a>, a core php.ini configuration directive. So you need to turn it off.<\/p>\n<ul>\n<li>Log in to your server via FTP. I use <a href=\"http:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">FileZilla<\/a> FTP Client.<\/li>\n<li>Find the <strong>php.ini<\/strong> file on your server. Usually the global php.ini is located in\u00a0<em>\/usr\/local\/lib\/php.ini<\/em> (but this can vary depending on your server configuration and PHP installation. Check your hosting level for access and permissions)<\/li>\n<li>Save a backup copy of your php.ini file (if something goes wrong, restore it)<\/li>\n<li>php.ini is a simple text file and can be edited in any text editor like Notepad.\u00a0Add the line<br \/>\n<em style=\"color: #ff0000;\">expose_php = off<\/em><\/li>\n<li>Save the php.ini file and upload it to the same location\u00a0(do not save as .txt).<\/li>\n<\/ul>\n<p>Now check your site headers again and you will find that the X-Powered-By: PHP\/[version] entry has disappeared. This is helpful because it no longer exposes an old PHP version with known security holes, and it prevents hackers from getting this server information.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>NOTE<\/strong><\/span>: It&#8217;s a bad idea to mess with your php.ini file. 
If you don&#8217;t have sufficient technical expertise and can&#8217;t fix it yourself, ask your web hosting service&#8217;s support to do it for you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You must hide the PHP version of your server in site headers for better site security. It is essential that you&#8230;<\/p>\n","protected":false},"author":4,"featured_media":26526,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[6,25,7],"tags":[],"class_list":["post-26435","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogging","category-domain-hosting","category-security"],"_links":{"self":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/26435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/comments?post=26435"}],"version-history":[{"count":0,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/posts\/26435\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/media\/26526"}],"wp:attachment":[{"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/media?parent=26435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quicko
nlinetips.com\/archives\/wp-json\/wp\/v2\/categories?post=26435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickonlinetips.com\/archives\/wp-json\/wp\/v2\/tags?post=26435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}