Generally speaking, improving safety by means of concealment is considered a less useful practice. But in some cases, it is worthwhile to add as much security as possible.
Some simple ways to help hide PHP can make it more difficult for attackers to find weaknesses in the system. Setting expose_php = off in the php.ini file reduces the useful information they can get.
Another strategy is to have the Web server parse different extensions with PHP. Whether you are using a. htaccess file or an Apache configuration file, you can set the file name extension that can mislead the attacker:
Example #1 to hide PHP as another language
# make PHP look like other programming languages AddType application/x-httpd-php. asp. py. pl
Or simply hide it completely:
Example #2 Use an unknown extension as the extension of PHP
# make PHP look like an unknown file type AddType application/x-httpd-php. Bop. Foo. 133t
or hide it as an HTML page so that all the HTML files are going through the PHP engine, adding a load to the server:
Example #3 PHP file suffix with HTML
# make the PHP code look like an HTML page AddType application/x-httpd-php. htm. html
For this method to take effect, you must change the extension of the PHP file to the extension above. This improves security by hiding, albeit with a low defensive capability and a few drawbacks.