You probably landed up here after you removed the WordPress version number from the source code. Now if you want to hide your PHP version as well, there are three methods we suggest. One is through ‘PHP Configuration‘, the second by editing ‘php.ini‘ and the third is to add unset rules to ‘.htaccess‘. By hiding the PHP version numbers from the public, your website may be less prone to attacks. It is important to read the documentation before proceeding.
The reason why folks prefer to hide their PHP versions is here. A backdoor may be created through an existing plugin that is not tested for the current versions of PHP and WP.
If the hacker knows any vulnerability in any such plugins which can be breached if the right version of WP and PHP is used on the site.
If both the WP and PHP versions are hidden, hackers may not worry about breaching your site. If the versions are known along with the version of the plugin which exposes that vulnerability, why wouldn’t hackers take that chance?
Before proceeding, let us know the current version of PHP on which your WordPress site is running. You can go to Tools > Site Health > Info > Server > PHP Version.
When on any page of your site, press F12 for Inspect window. Select Network and Refresh the Page. Click on the first item in the list which is nothing but your site address.
Once selected, open Header and scroll down to x-powered-by: which will display your current PHP version number. There are three ways to hide this which are explained below.
Note: Some C-Panel Hosting hides the PHP version from the public by default. If your PHP version is already hidden, you need not proceed with anything below.
Edit PHP Configuration
This is the easiest and safest method to hide your PHP version. Not all hosts support this feature. Below is a screenshot of Hostinger’s PHP configuration window. For any custom hosting panel, you will find an option somewhere on the panel to Edit PHP Configuration.
And when you check back your site, you shouldn’t see any of those X-Powered-By headers which expose your PHP information.
If you face any difficulties finding that option, you can try contacting your host. If you are using C-Panel, follow the below method by editing php.ini.
php.ini Method to Hide PHP Version
In order to Hide PHP information, just edit the php.ini on your Hosting Panel. First, locate the file. Open it. Locate ‘expose_php’ in that file and change its value as below.
expose_php = offNow recheck the headers. Search for PHP version. You shouldn’t find it.
It is only possible to edit php.ini in limited Hostings. Please contact your Host to make these changes for you. Editing PHP.ini on your Hosting Panel may break all the sites in that hosting.
If your host doesn’t support making changes to the PHP configuration of your site, it means probably, they won’t support it for shared hosting plans. It doesn’t matter whether you use C-Panel or any other Customized Panel. If nothing works try the method below.
htaccess Method to Hide PHP Version
Before trying this method, have a word with your hosting provider in case you couldn’t edit/ find the php.ini. Every hosting provider has its own procedures. Disabling the PHP version info at the PHP level is always better.
Simply add this code to your ‘.htaccess’ file. This will hide the PHP version by removing the X-Powered-By entry from the HTTP header.
#Unset X-Powered-By from Page Header
<IfModule mod_headers.c>
Header unset X-Powered-By
Header unset Server
</IfModule>Once the code is added, and when you recheck the headers by refreshing the page, you shouldn’t find any instance which exposes your PHP version number.
Congratulations! Your WordPress is now less prone to attacks. If this article was useful, please let us know through comments. In case you are facing any troubles, let us try to solve them together.