Hide PHP version from server headers

If you’ve ever examined the headers produced by a server running PHP, you may have seen this amongst them:

X-Powered-By: PHP/5.2.12

This little piece of information tells the world that you are running PHP version 5.2.12. Whilst I don’t believe that security through obscurity is a panacea, there’s little point in giving away useful information to potential attackers regarding the versions of software you are running.

If you want to stop this header appearing, find the expose_php setting in php.ini and disable it, like so:

expose_php = Off;

If you’re using mod_php, you’ll probably need to restart Apache for this to take effect.


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.