In general, security by obscurity is one of the weakest forms of security. Suppose If I were exploiting a site, I wouldn’t check what scripting language the site runs on, because all that would matter to me is exploiting it. Hiding the fact that you use x language isn’t going to prevent me from bypassing poor security. But in some cases, every little bit of extra security is desirable. A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php to off in your php.ini file, you reduce the amount of information available to them. Another tactic is to configure web servers such as …
↧