PHP Security PHP Version Leakage

Help us to keep this website almost Ad Free! It takes only 10 seconds of your time:
> Step 1: Go view our video on YouTube: EF Core Bulk Insert
> Step 2: And Like the video. BONUS: You can also share it!

Example

By default, PHP will tell the world what version of PHP you are using, e.g.

X-Powered-By: PHP/5.3.8

To fix this you can either change php.ini:

expose_php = off

Or change the header:

header("X-Powered-By: Magic");

Or if you'd prefer a htaccess method:

Header unset X-Powered-By

If either of the above methods do not work, there is also the header_remove() function that provides you the ability to remove the header:

header_remove('X-Powered-By');

If attackers know that you are using PHP and the version of PHP that you are using, it's easier for them to exploit your server.



Got any PHP Question?