1. Hide Nginx in http status
1. Enter the nginx configuration file directory (this directory is determined by the installation time) and use vim to edit and open it.
The code is as follows: |
Copy code |
# Vim nginx. conf Add server_tokens off in http {-}; for example: Http { ...... Omitted Sendfile on; Tcp_nopush on; Keepalive_timeout 60; Tcp_nodelay on; Server_tokens off; ....... Omitted } |
2. Edit the php-fpm configuration file, such as fastcgi. conf or fcgi. conf. (the configuration file name can also be customized and changed based on the specific file name ):
The code is as follows: |
Copy code |
Find: Fastcgi_param SERVER_SOFTWARE nginx/$ nginx_version; Changed: Fastcgi_param SERVER_SOFTWARE nginx; |
3. Reload nginx configuration:
The code is as follows: |
Copy code |
#/Etc/init. d/nginx reload |
This completely hides the nginx version.
Of course, the server_tag can be forged, as shown in figure
Server_tag BAT/1.1;
So we can see that the effect is different.
2. Hide the apache version number
Apache can also hide version information.
Need to add in httpd. conf
The code is as follows: |
Copy code |
ServerTokens ProductOnly ServerSignature Off |
At the same time, wordpress uses php, so php also requires related security settings
In php. ini
The code is as follows: |
Copy code |
Expose_php = Off # hide the php version number Disable_functions = system, exec, shell_exec, passthru, popen, dl, phpinfo # Disable dangerous functions Display_errors = Off # disable error logs Allow_url_fopen = Off # disable remote url opening Safe_mode = On # enable the security mode of php |