How to Hide PHP Version in Linux

Published on April 13, 2021 39 sec read

Sometimes we need to hide PHP version from our webserver to hide PHP version identy. It helps us to prevent malicious attacks. In this article, I’m going to show you the way to hide PHP versin.

Solution 1

Find PHP configuration file (php.ini) location:

php -i | grep 'Configuration File'

You’ll see the output like:

Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini

Now open the php.ini file:

sudo nano /etc/php.ini

Search for this line:

expose_php = on

Now change its value to:

expose_php = off

Now restart webserver:

sudo systemctl restart httpd # centos
sudo systemctl restart apache2 # ubuntu

Solution 2

If you don’t have access to php.ini, you can do it from PHP code. We need to remove X-Powered-By from header. X-Powered-By is set by various servers to say what kind of server it is.

Just add this line add the begining of PHP file:

<?php header_remove("X-Powered-By"); ?>

We can aslo remove specefic header. Have a look at an example:

<?php header("X-Powered-By: CUSTOM-HEADER"); ?>
That’s all. Thanks for reading. 🙂

Monthly Newsletter

One email a month, packed with the latest tutorials, delivered straight to your inbox.
We'll never send any spam or promotional emails.

Hey, I'm Md Obydullah. I build open-source projects and write article on Laravel, Linux server, modern JavaScript and more on web development.