Hiding PHP Version by Removing “X-Powered-By” and “Server” Headers

One simple security measure you can take to protect your WordPress site is to hide the PHP version by removing the “X-Powered-By” and “Server” headers from the HTTP response. This prevents potential attackers from knowing what version of PHP your site is running, making it harder for them to exploit any known vulnerabilities.

Why Hiding the PHP Version is Important

Displaying the PHP version and server information in the HTTP headers can expose your website to security risks. Attackers can use this information to identify vulnerabilities specific to the PHP version you are running. By hiding these headers, you make it more difficult for malicious actors to exploit your site.

How Security Ninja Helps

Security Ninja includes a test that checks whether your PHP version and server details are exposed through the “X-Powered-By” and “Server” headers. If these headers are present, the test will alert you and provide recommendations to remove them.

Steps to Remove “X-Powered-By” and “Server” Headers

  1. Install Security Ninja: Ensure you have the Security Ninja plugin installed and activated on your WordPress site.
  2. Run Security Tests: Navigate to the Security Ninja dashboard and run the security tests.
  3. Review Results: If the test flags the presence of the “X-Powered-By” or “Server” headers, follow the provided recommendations to remove them.
  4. Use the One-Click Fix (Premium Version): For premium users, there’s an easy one-click solution available on the “Fixes” page to remove these headers automatically.
  5. Update .htaccess (for Free Users on Apache servers): Add the following lines to your .htaccess file to remove these headers:
    
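          <IfModule mod_headers.c>
            # Remove the header PHP adds (also controlled by expose_php in php.ini)
            Header unset X-Powered-By
            # Apache's core sets Server itself, so this line typically has no effect;
            # ServerTokens Prod in the main server config reduces it to "Apache"
            Header unset Server
          </IfModule>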
        
  6. Update nginx.conf (for Free Users on Nginx servers): Add the following lines to your nginx.conf file:
    
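          server {
            ...
            # more_clear_headers requires the headers-more-nginx-module,
            # which is not part of a stock nginx build
            more_clear_headers 'X-Powered-By';
            more_clear_headers 'Server';
            ...
          }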
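
To confirm the change took effect after editing the server configuration, the following added example (not part of Security Ninja or the original page) audits raw response headers such as the output of `curl -sI`. The function name `audit_headers`, the sample responses and the EXPOSED/INFO output format are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for software/version disclosure.
# Reads raw headers on stdin; exits 1 if anything is disclosed, 0 otherwise.
# Live use (assumed URL): curl -sI https://example.com/ | audit_headers
audit_headers() {
  awk '
    BEGIN { bad = 0 }
    { sub(/\r$/, "") }                        # HTTP header lines end in CRLF
    {
      i = index($0, ":")
      if (i == 0) next                        # status line or blank separator
      name  = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
      value = substr($0, i + 1)
      sub(/^[ \t]+/, "", value)
      if (name == "x-powered-by") {
        print "EXPOSED x-powered-by: " value; bad = 1
      } else if (name == "server") {
        # A bare product name discloses less than a version string.
        if (value ~ /[0-9]+\.[0-9]+/) {
          print "EXPOSED server (version): " value; bad = 1
        } else {
          print "INFO server (no version): " value
        }
      }
    }
    END { exit bad }
  '
}

# Constructed sample responses (not captured from a real site).
sample_before() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.57 (Debian)\r\n'
  printf 'x-powered-by: PHP/8.2.10\r\nContent-Type: text/html\r\n\r\n'
}
sample_after() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n'
  printf 'Content-Type: text/html; charset=UTF-8\r\n\r\n'
}

echo "before:"; sample_before | audit_headers || true
echo "after:";  sample_after  | audit_headers || true
```

The non-zero exit status on disclosure lets the check run in a deployment script or scheduled job against your own site.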
        

Benefits of Removing These Headers

  • Enhanced Security: Reduces the risk of targeted attacks by hiding specific server information.
  • Professionalism: Presents a more polished and secure image to your site’s visitors.

Need More Help?

If you encounter any issues or need further assistance, please visit our documentation page or contact our support team.
