Giving the malicious users of the world more information than is absolutely necessary doesn't make sense: it simply invites them to run automated scanning tools to discover old and outdated versions of PHP and Apache, and then to attempt to breach the system using vulnerabilities known for that version. Although it will not completely hide the fact that you are using either system, you can easily remove the HTTP headers, sent by PHP and Apache as part of every response, that advertise their version numbers.
To reduce the security risk to your server, you should implement this, but remember that it will not hide the fact that you are using either piece of software; it will simply not advertise the fact.
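One way to verify the result from the defender's side, as an added example that is not code from the original post: the script below audits a raw HTTP response and separates exact version disclosures from bare product names. Both sample responses are constructed, and the directives named in the comments (`ServerTokens Prod`, `ServerSignature Off`, `expose_php = Off`) are assumed to be the hardening applied, since the text above does not name them.

```python
import re

# Response headers through which Apache and PHP announce themselves.
BANNER_HEADERS = ("server", "x-powered-by")
# A product token followed by a version, such as "Name/1.2.3".
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)")

def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from a raw HTTP/1.1 response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_banners(raw_response):
    """Split banner disclosures into exact versions and bare product names."""
    report = {"versions": [], "products": []}
    for name, value in parse_headers(raw_response):
        if name not in BANNER_HEADERS:
            continue
        tokens = VERSION_TOKEN.findall(value)
        if tokens:
            report["versions"] += [f"{name}: {p}/{v}" for p, v in tokens]
        else:
            report["products"].append(f"{name}: {value}")
    return report

# Constructed sample responses; the version numbers are made up.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.4.99 (Unix)\r\n"
          "X-Powered-By: PHP/8.9.9\r\n"
          "Content-Type: text/html\r\n\r\n<html></html>")
# Assumed hardening: "ServerTokens Prod" and "ServerSignature Off" in the
# Apache configuration, "expose_php = Off" in php.ini.
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Server: Apache\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_banners(response))
```

The hardened response still reports `server: Apache` under `products`, which matches the caveat above: the software is no longer advertised by version, but it is not hidden.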