hide php version number in wordpress/apache

How to Hide PHP Version in WordPress/Apache

PHP is a popular web development platform used by millions of websites. It is important to hide the sensitive information about your PHP server to avoid malicious attacks. Since PHP is so widely used, many hackers try to exploit PHP vulnerabilities to harm PHP based CMS such as WordPress. In this article, we will look at how to hide PHP version in WordPress/Apache.


How to Hide PHP Version in WordPress/Apache

Typically, if you look at the response headers from your website, you will see something like the following which gives away the PHP version. Hackers can use this information to exploit your website.

X-Powered-By: PHP/5.2.17

Here are the steps to hide PHP version in WordPress/Apache and other PHP-based websites.


1. Locate PHP configuration file

Open terminal and run the following command to locate the PHP configuration file php.ini on your system.

$ php -i | grep "Loaded Configuration File"

You will see the following output

# CentOS/RHEL/Fedora
Loaded Configuration File => /etc/php.ini

# Debian/Ubuntu/Linux Mint
Loaded Configuration File => /etc/php/7.0/cli/php.ini


2. Create Backup

Create a backup of the above file before you proceed, as it is a very important configuration file required for proper functioning of your PHP website.

# CentOS/RHEL/Fedora
$ sudo cp /etc/php.ini /etc/php-backup.ini

# Debian/Ubuntu/Linux Mint
$ sudo cp /etc/php/7.0/cli/php.ini /etc/php/7.0/cli/php-backup.ini


3. Open php.ini

Open php.ini file in a text editor

# CentOS/RHEL/Fedora
$ sudo vi /etc/php.ini

# Debian/Ubuntu/Linux Mint
$ sudo vi /etc/php/7.0/cli/php.ini


4. Hide PHP Server Version

Look for expose_php directive and set its value to off

expose_php = off


5. Restart Apache Server

Restart Apache server to apply changes.

$ sudo service apache2 restart
OR
$ sudo service httpd restart

Run the following command to retrive response headers from your server.

$ sudo curl -I http://localhost
OR
$ sudo curl -I http://your_domain_or_ip_address

This will print the response headers and you will see that it does not contain PHP version.

In this article, we have learnt how to hide PHP version number to protect our websites from malicious attacks.

Also read:

How to Prevent Direct Access to PHP File
How to Setup SSL/HTTPS in NodeJS
How to Append File in NodeJS
How to Fix NGINX Upstream Timed Out Error
How to Define & Use Variables in Apache

Leave a Reply

Your email address will not be published.