Hiding PHP Version by Removing “X-Powered-By” and “Server” Headers

Table of Content

  1. Why Hiding the PHP Version is Important
  2. How Security Ninja Helps
  3. Steps to Remove "X-Powered-By" and "Server" Headers
  4. Benefits of Removing These Headers
  5. Need More Help?

One simple security measure you can take to protect your WordPress site is to hide the PHP version by removing the “X-Powered-By” and “Server” headers from the HTTP response. This prevents potential attackers from knowing what version of PHP your site is running, making it harder for them to exploit any known vulnerabilities.

Hide PHP Version

Why Hiding the PHP Version is Important

Displaying the PHP version and server information in the HTTP headers can expose your website to security risks. Attackers can use this information to identify vulnerabilities specific to the PHP version you are running. By hiding these headers, you make it more difficult for malicious actors to exploit your site.

Back to Top

How Security Ninja Helps

Security Ninja includes a test that checks whether your PHP version and server details are exposed through the “X-Powered-By” and “Server” headers. If these headers are present, the test will alert you and provide recommendations to remove them.

Back to Top

Steps to Remove “X-Powered-By” and “Server” Headers

  1. Install Security Ninja: Ensure you have the Security Ninja plugin installed and activated on your WordPress site.
  2. Run Security Tests: Navigate to the Security Ninja dashboard and run the security tests.
  3. Review Results: If the test flags the presence of the “X-Powered-By” or “Server” headers, follow the provided recommendations to remove them.
  4. Use the One-Click Fix (Premium Version): For premium users, there’s an easy one-click solution available on the “Fixes” page to remove these headers automatically.
  5. Update .htaccess (for Free Users on Apache servers): Add the following lines to your .htaccess file to remove these headers: 
    
      
        Header unset X-Powered-By
        Header unset Server
  6. Update nginx.conf (for Free Users on Nginx servers): Add the following lines to your nginx.conf file: 
    
      server {
        ...
        more_clear_headers 'X-Powered-By';
        more_clear_headers 'Server';
        ...
      }
Back to Top

Benefits of Removing These Headers

  • Enhanced Security: Reduces the risk of targeted attacks by hiding specific server information.
  • Professionalism: Present a more polished and secure image to your site’s visitors.
Back to Top

Need More Help?

If you encounter any issues or need further assistance, please visit our documentation page or contact our support team.

Back to Top

Was this helpful?

Previous Article

Hide Windows Live Writer - WLW