Turn Off Expose_PHP (Hide X-Powered-By) PHP.ini

We highly recommend disabling (turning off) expose_php on your web server to improve security. By default, PHP shows its version information in the HTTP response headers via X-Powered-By, and this is not good, because you are giving out useful information to a possible attacker:

HTTP/1.1 200 OK
Date: Thu, 19 May 2016 23:48:39 GMT
Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.45
Cache-Control: max-age=2592000
Expires: Sat, 18 Jun 2016 23:48:39 GMT
Vary: User-Agent,Accept-Encoding
Content-Type: text/html

So it is best to turn off expose_php and hide the X-Powered-By field in the HTTP response headers. That way an attacker can’t read the installed PHP version from that header.

Edit your PHP.ini file:

vi /etc/php5/fpm/php.ini

Turn off the expose_php value:

expose_php = Off

Restart the PHP service:

/etc/init.d/php5-fpm restart
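
To confirm the change took effect, the following check is an added example, not part of the original post: it reads the effective expose_php value from a php.ini and flags an X-Powered-By header that names PHP. The function names, the sample ini text and the curl URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the expose_php change.

# Print the effective expose_php setting ("On"/"Off") for a php.ini on stdin.
# The last assignment in the file wins; PHP's default is On when unset.
# Assumption: only this one file is inspected, not extra scanned .ini files.
effective_expose_php() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        NF >= 2 && $1 ~ /^[ \t]*expose_php[ \t]*$/ {
            v = $2
            sub(/;.*/, "", v)                    # drop trailing comment
            gsub(/[ \t\r"]/, "", v)              # drop whitespace and quotes
            val = tolower(v); seen = 1
        }
        END {
            if (!seen) val = "on"
            on = (val == "1" || val == "on" || val == "true" || val == "yes")
            print (on ? "On" : "Off")
        }'
}

# Read raw HTTP response headers on stdin, print any X-Powered-By line that
# names PHP, and return 1 if one was found (0 if the header is clean).
find_php_disclosure() {
    tr -d '\r' | awk '
        tolower($0) ~ /^x-powered-by:[ \t]*php/ { print; found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample php.ini content.
SAMPLE_INI='; constructed sample
expose_php = On
;expose_php = Off
expose_php = Off ; hardened'

# Response headers as shown earlier on this page (abridged).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.45
Content-Type: text/html'

printf '%s\n' "$SAMPLE_INI" | effective_expose_php
printf '%s\n' "$SAMPLE_HEADERS" | find_php_disclosure || echo "PHP version still disclosed"

# Real use (URL is a placeholder):
#   effective_expose_php < /etc/php5/fpm/php.ini
#   curl -sI http://localhost/ | find_php_disclosure && echo "header is clean"
```

If the header is still present after the restart, the running PHP process is reading its setting from somewhere other than the file you edited.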
