How to Secure PHP Version Leakage

From WikiHTP

By default, PHP will tell the world what version of PHP you are using. PHP version leakage is the common vulnerabilities in web applications. Newer version of PHP is more secure than the older version of PHP. Every version may have some vulnerabilities. If attackers know that you are using PHP and the version of PHP that you are using, it's easier for them to exploit your server. For example,

X-Powered-By: PHP/5.3.8

So, It is the better idea to hide your PHP version leakage.

Fixing Issues[edit]

There are many ways to hide you PHP version leakage. You can either change php.ini:

expose_php = off

Or change the header:

header("X-Powered-By: Magic");

Or if you'd prefer a htaccess method:

Header unset X-Powered-By

If either of the above methods does not work, there is also the header_remove() function that provides you the ability to remove the header:

header_remove('X-Powered-By');

Related[edit]

About This Tutorial

This page was last edited on 28 January 2019, at 07:36.