PHP Security PHP Version Leakage


By default, PHP will tell the world what version of PHP you are using, e.g.

X-Powered-By: PHP/5.3.8

To fix this you can either change php.ini:

expose_php = off

Or change the header:

header("X-Powered-By: Magic");

Or if you'd prefer a htaccess method:

Header unset X-Powered-By

If either of the above methods do not work, there is also the header_remove() function that provides you the ability to remove the header:


If attackers know that you are using PHP and the version of PHP that you are using, it's easier for them to exploit your server.