The PHP version is revealed in the HTTP headers by default on nginx. This can be demonstrated by CURLing the URL of your choice.

curl -I https://www.yoururl.com/

Hide PHP Nginx Curl X-Powered-By.jpg

This is dangerous as attackers can run automated scripts to find your vulnerable PHP version (then, for example, adding it into a database of websites to hack).

To fix this, add this code under http in your nginx.conf:

expose_php off;

Then restart using:

systemctl restart nginx (in CentOS)

Advertisements