PHP is a popular web development platform used by millions of websites. It is important to hide the sensitive information about your PHP server to avoid malicious attacks. Since PHP is so widely used, many hackers try to exploit PHP vulnerabilities to harm PHP based CMS such as WordPress. In this article, we will look at how to hide PHP version in WordPress/Apache.
How to Hide PHP Version in WordPress/Apache
Typically, if you look at the response headers from your website, you will see something like the following which gives away the PHP version. Hackers can use this information to exploit your website.
Here are the steps to hide PHP version in WordPress/Apache and other PHP-based websites.
1. Locate PHP configuration file
Open terminal and run the following command to locate the PHP configuration file php.ini on your system.
$ php -i | grep "Loaded Configuration File"
You will see the following output
# CentOS/RHEL/Fedora Loaded Configuration File => /etc/php.ini # Debian/Ubuntu/Linux Mint Loaded Configuration File => /etc/php/7.0/cli/php.ini
2. Create Backup
Create a backup of the above file before you proceed, as it is a very important configuration file required for proper functioning of your PHP website.
# CentOS/RHEL/Fedora $ sudo cp /etc/php.ini /etc/php-backup.ini # Debian/Ubuntu/Linux Mint $ sudo cp /etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php-backup.ini
3. Open php.ini
Open php.ini file in a text editor
# CentOS/RHEL/Fedora $ sudo vi /etc/php.ini # Debian/Ubuntu/Linux Mint $ sudo vi /etc/php/7.0/cli/php.ini
4. Hide PHP Server Version
Look for expose_php directive and set its value to off
expose_php = off
5. Restart Apache Server
Restart Apache server to apply changes.
$ sudo service apache2 restart OR $ sudo service httpd restart
Run the following command to retrive response headers from your server.
$ sudo curl -I http://localhost OR $ sudo curl -I http://your_domain_or_ip_address
This will print the response headers and you will see that it does not contain PHP version.
In this article, we have learnt how to hide PHP version number to protect our websites from malicious attacks.