Sometimes we need to hide PHP version from our webserver to hide PHP version identy. It helps us to prevent malicious attacks. In this article, I’m going to show you the way to hide PHP versin.
Find PHP configuration file (php.ini) location:
php -i | grep 'Configuration File'
You’ll see the output like:
Configuration File (php.ini) Path => /etc Loaded Configuration File => /etc/php.ini
Now open the php.ini file:
sudo nano /etc/php.ini
Search for this line:
expose_php = on
Now change its value to:
expose_php = off
Now restart webserver:
sudo systemctl restart httpd # centos sudo systemctl restart apache2 # ubuntu
If you don’t have access to php.ini, you can do it from PHP code. We need to remove
X-Powered-By from header.
X-Powered-By is set by various servers to say what kind of server it is.
Just add this line add the begining of PHP file:
<?php header_remove("X-Powered-By"); ?>
We can aslo remove specefic header. Have a look at an example:
That’s all. Thanks for reading. 🙂
<?php header("X-Powered-By: CUSTOM-HEADER"); ?>