If your website pages are served via php programs, it is a good practice to hide this information from being displayed in http response headers and error pages. This will make it difficult for potential hackers to find out that your backend code is php and also prevent them from finding out which versions of apache and php your server uses.
This can be done very easily by adding a few lines of directives in your root .htaccess file and making a small change in your php.ini file.
The .htaccess file is essentially a file without a name but only the extension .htaccess. It provides a way to make configuration changes on a per-directory basis. An .htaccess file containing required configuration directives can be put in a specific document directory, and the directives will apply to that directory and all sub-directories under it. In most cases, one .htaccess file kept under your website home directory, viz. public_html directory, shall suffice.
Not letting anyone know the backend code that delivers your web pages is a kind of security measure. Further, a web page url looks cleaner without the .php extension at the end. To achieve this, simply open your .htaccess file in a text editor and add the below directives.
##URL Rewrite to remove .php extension from URLs RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME}.php -f RewriteRule ^([^\.]+)$ $1.php [NC,L]
In case you do not find the .htaccess file in your website home directory, change your directory viewing preferences from the Settings interface in your cPanel's File Manager, as shown below. If you still do not find it, it means that it does not exist - so you can create one using a text editor.
Exposing web server signature with Apache/PHP version info can be a security risk as once hackers get to know your apache and php versions, they know the vulnerabilities of your system (as every version has known vulnerabilities). Hence it is also recommended that you disable all web server signatures by adding the below directive in your .htaccess file.
##Disable server signature ServerSignature Off
The line ServerSignature Off tells Apache to hide version info on any error pages.
In the HTTP response headers, apache server includes the PHP version info via a field labeled as X-Powered-By. To hide the PHP version info in HTTP headers, open your php.ini file in a text editor, look for expose_php = On, and change it to expose_php = Off.
You can find your php.ini file under the public_html directory. If you do not find one there, just create it using a text editor. Alternatively, check if your cPanel provides you an interface to edit the php.in file. This can be found under the MultiPHP INI Editor section in your cPanel, as shown below.
How to move your Email accounts from one hosting provider to another without losing any mails?
How to resolve the issue of receiving same email message multiple times when using Outlook?
Self Referential Data Structure in C - create a singly linked list
Mosquito Demystified - interesting facts about mosquitoes
Elements of the C Language - Identifiers, Keywords, Data types and Data objects
How to pass Structure as a parameter to a function in C?
Rajeev Kumar is the primary author of How2Lab. He is a B.Tech. from IIT Kanpur with several years of experience in IT education and Software development. He has taught a wide spectrum of people including fresh young talents, students of premier engineering colleges & management institutes, and IT professionals.
Rajeev has founded Computer Solutions & Web Services Worldwide. He has hands-on experience of building variety of websites and business applications, that include - SaaS based erp & e-commerce systems, and cloud deployed operations management software for health-care, manufacturing and other industries.