|
If you are a webmaster you know how risky is having a live website browsed by thousands of readers a day. As a matter of fact, among these people there may be hackers who look for ways to breach and exploit your website or blog for their own goals. That’s why you have to be very careful when it comes to releasing information regarding it. As a general rule, the less hackers know the better. An outdated version of software or a flawed plugin may put your website in jeopardy. Most websites and blogs are hosted on served running PHP code which is a language embedding HTML. Such a code is vital to run any site. By default, every request to a server will return to the browser a string containing information about PHP version. Let’s see how to hide and disable PHP version information thanks to a little, unknown trick!
Generally speaking, PHP code is rather secure. However, if your server is running an old, buggy PHP version, the version of the code could be used to breach your server and blog. Here is a simple trick to hide and disable PHP version information.
In the php.ini file locate the following command: expose_php. By default, it is set to on. Just turn it off.
expose_php = Off
In this way your server won’t return any information regarding the version of the PHP it is running.
Note: Please keep in mind that making the PHP version available it is not considered to be a threat in any way. It is only dangerous if your server is running an outdated PHP version.
Tags: security, trick, WebTalk
Related Articles
Latest Articles
If you can not find what you are looking for, you might want to try Google Advanced Search and get thousands of results, specifically selected for you. 
Google Advanced Search
|
8 Comments to “How to hide php version information on servers”
Leave a Comment
Best screen resolution 1280x800 or higher.
Web Talk is best viewed in Firefox.
Windows 7 How to's:
Vista and XP How to's:
Firefox How to's:
September 1st, 2009 at 7:44 am
Strange though it seems, i always assumed that a website hosted by a third party (website hosting company) would be much safer than just running the site yourself!
Cheers,
William
September 1st, 2009 at 8:29 am
Well, theorically speaking this trick works for both website hosting companies and private servers.
September 1st, 2009 at 9:29 am
Hi Frank, did you enjoy your holiday? & are the bloggers still on strike in Italy?
William
September 1st, 2009 at 9:41 am
Its just that i read an article about the Alfonso decree at http://news.bbc.co.uk/1/hi/programmes/click_online/8197639.stm
Would be a shame if this became law!
Cheers,
William
September 1st, 2009 at 9:42 am
Whoops, i meant Alfano decree……….
September 1st, 2009 at 9:56 am
Hi William! yes, I loved my holidays. I wish they lasted longer!
I haven’t heard anything over here about this strike. Can you enlight me?
September 1st, 2009 at 12:33 pm
Yeah i posted a link in the above post to where i saw the story from our bbc news reports here in the uk.
Apparently back in july there was a strike by Italian bloggers over a new law ( the Alfano decree)which will mean that if you had written something about somebody in a personal way or what they would believe to be personal about themselves in your blog, would put you in a situation where you have a certain amount of time (48hrs) to remove/edit your blog or face being fined upto 10,000 euros.
So basically the Italian goverment is putting the same law on websites has there are on newspapers.
I still do not know if this law has happened yet, if it does other Countries will follow with the same thing.
Cheers,
William
September 2nd, 2009 at 7:06 am
Thanks! I didn’t know about it at all. They have been tried to muzzle bloggers for a long time here. The actual government is not happy on how some bloggers refer to politicians in their blogs. That’s why they are trying to get the Alfano decree approved. Of course they tried to have it approved during the summer time when everybody is thinking about the beach or how to win at the Super Lotto!