The default PHP configuration allows the server HTTP response header ‘X-Powered-By‘ to display the PHP version installed on a web server.
For server security reasons, it is recommended that you disable this information from attackers who might be targeting your server.
Edit your PHP configuration file
/etc/php.ini and add the following:
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
expose_php = Off
[root@nowherelan]# systemctl restart httpd.service
Go to Geek Flare’s Test Site and check your website’s HTTP Response Header . It should no longer contain the HTTP response header ‘X-Powered-By‘ along with the version of PHP installed.
My System Configuration
- CentOS 7
- Apache 2.4
- PHP 7.3