Articles in this section

See more

How to remove PHP version from the X-Powered-By HTTP header on Plesk server?

Avatar
Nelson Leiva
Updated
Follow
Plesk for Linux kb: how-to ABT: Group A

Applicable to:

  • Plesk for Linux

Question

How to remove PHP version from the X-Powered-By HTTP header?

Answer

For a specific website:

  1. Log in to Plesk.

  2. Navigate to Domains > example.com > PHP Settings.

  3. Put the following line to the Additional configuration directives section:

    CONFIG_TEXT: expose_php = off

  4. Verify that the header is not shown anymore:

    # curl -sIL example.com/index.php | grep -c PHP

For all websites using a specific PHP handler:

  1. Connect to the Plesk server via SSH.

    Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. Check if php.ini file for the handler contains the expose_php directive:

    # cat /opt/plesk/php/X.X/etc/php.ini | grep expose_php
    expose_php = On

    • where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc

  3. If the directive is present (the output of the command from step 2 is the same), change expose_php = On to expose_php = Off.
    If not, create a new .ini configuration file in the appropriate PHP directory:

    # echo 'expose_php = off' > /opt/plesk/php/X.X/etc/php.d/hideheader.ini

    • where X.X - a PHP version, e.g. 5.6, 7.0, 7.1, etc

  4. Reload the Plesk PHP service configuration:

    # service plesk-phpXX-fpm reload

    • where phpXX - a PHP version, e.g. php56, php70, php71, etc.

    • If the domains are using PHP FastCGI it is necessary to restart Apache webserver:

      # systemctl restart httpd

  5. Verify that the header is not shown anymore:

    # curl -sIL example.com/index.php | grep -c PHP

For webmail:

  1. Connect to the Plesk server via SSH.

    Note: If direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. In /etc/psa-webmail/horde/horde/php.ini or /etc/psa-webmail/roundcube/php.ini set expose_php parameter as below:

    CONFIG_TEXT: expose_php = Off

  3. Restart Apache:

    # service httpd restart

  4. Verify that the header is not shown anymore:

    # curl -sIL webmail.example.com/index.php | grep PHP

Comments

2 comments

Sort by Date Votes
  • Avatar
    Maxim Krasikov

    Hello @Arvind Kumar Madhukar,

    Both approaches are correct.
    If expose_php is set to Off directly in php.ini or included as php.d/hideheader.ini,  PHP version displaying is disabled in these cases.

    It can be checked using a query like the following:
    # /opt/plesk/php/X.X/bin/php -i | grep expose_php
    expose_php => Off => Off

    0
    Comment actions Permalink
  • Avatar
    Arvind Kumar Madhukar

    Hey !

     

    I have followed the same steps but it wasn't working, in order to accomplish the same, i have manually edit the each fpm php.ini file and reload the same.

    Example For X.X

    /opt/plesk/php/X.X/etc/php.ini

    change expose_php = On to expose_php = Off

    where X.X is my php versions.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles