PHP SECURITY CONFIGURATION EXPOSE_PHP

21:00 Posted by tudouya
expose_php is a PHP directive that determines whether the PHP version in use is included in the HTTP response. It is highly recommended to switch it off to hide the PHP version. Exposing the PHP version is not a security risk by itself, and hiding it will not stop a determined hacker, but it will protect you if an attacker is running an automated scan to discover sites running a particular version. This scenario is possible if, for example, a new vulnerability is discovered and the attacker needs to quickly locate as many vulnerable systems as possible.

Turning expose_php off

To turn expose_php off, locate expose_php inside the php.ini file and change it as shown below. If you can't locate it inside the file, you need to add it yourself.
expose_php = Off
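
To confirm the change took effect, the shell sketch below (an added example, not part of the original post) reads php.ini text and captured response headers and reports whether the version is still exposed. It assumes the version shows up in the X-Powered-By response header, which is where PHP puts it when expose_php is on; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit expose_php in php.ini text and in captured response headers.

# Print the effective expose_php state ("on" or "off") for php.ini text on stdin.
# Lines commented out with ';' are ignored, the last assignment wins, and a
# missing directive counts as "on" because that is PHP's built-in default.
expose_php_state() {
    line=$(grep -E '^[[:space:]]*expose_php[[:space:]]*=' | tail -n 1)
    if [ -z "$line" ]; then
        echo on
        return 0
    fi
    # Keep the value only: drop the name, any trailing ';' comment, quotes, blanks.
    val=$(printf '%s\n' "$line" | sed 's/^[^=]*=//; s/;.*$//' \
        | tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]')
    case "$val" in
        on|yes|true|[1-9]*) echo on ;;
        *) echo off ;;
    esac
}

# Print the PHP banner (e.g. "PHP/8.1.2") found in response headers on stdin,
# or nothing when the header is absent. Header names are case-insensitive.
leaked_php_banner() {
    tr -d '\r' | grep -i '^x-powered-by:' \
        | sed -n 's/^[^:]*:[[:space:]]*\(PHP\/[0-9][0-9A-Za-z.+~-]*\).*/\1/p'
}

# Constructed sample inputs (not taken from a real server).
SAMPLE_INI='; constructed php.ini fragment
;expose_php = Off
expose_php = On'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/8.1.2'

echo "php.ini says expose_php is: $(printf '%s\n' "$SAMPLE_INI" | expose_php_state)"
echo "banner in response headers: $(printf '%s\n' "$SAMPLE_HEADERS" | leaked_php_banner)"
# On your own host: expose_php_state < /path/to/php.ini
#                   curl -sI https://your-site.example/ | leaked_php_banner
```

php.ini is read at startup, so reload the web server or PHP-FPM before re-checking the headers.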
