
Server related things for PHP Developers

As developers, we should also check the server side to minimize the chance that our applications can be exploited and to make them harder to crack. Here are some useful settings that are worth looking at.

 

1) Server Signature: The server signature publicly identifies your server and holds important data that could be used to expose any known vulnerability. Keeping the server signature off is considered good security practice because it avoids disclosing which software versions you are running. To turn it off, create a .htaccess file in the root directory and add the line below to it.

ServerSignature Off

 

2) Hide Website Technology Stack: It is better not to show the public any technology-related information about your web application, because that information can also help attackers. You can hide it by adding the lines below to your .htaccess file:

php_flag display_startup_errors off
php_value docref_root 0
php_value docref_ext 0

 

You also need to create a php.ini file in the root directory and add the line below:

expose_php=off
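To confirm that the settings from points 1 and 2 took effect, you can inspect a response from your own server. The following is an added example, not code from the original post: the function name `audit_response` and both sample responses are constructed for illustration. It also flags a version number in the Server header, which Apache sets through the separate ServerTokens directive rather than ServerSignature.

```python
import re

# Footer that Apache appends to server-generated pages when ServerSignature is On.
SIGNATURE_FOOTER = re.compile(r"<address>[^<]*\bServer at\b[^<]*</address>", re.I)
# A product/version token such as "Apache/2.4.0".
VERSION_TOKEN = re.compile(r"/\d")

# Constructed sample: a 404 response from a server with default settings.
SAMPLE_BEFORE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.0 (Unix)\r\n"
    "X-Powered-By: PHP/8.0.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1><hr>\n"
    "<address>Apache/2.4.0 (Unix) Server at example.test Port 80</address>\n"
)

# Constructed sample: the same request after ServerSignature Off and expose_php=off.
SAMPLE_AFTER = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.0 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>\n"
)

def audit_response(raw):
    """Return a list of disclosure findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    if SIGNATURE_FOOTER.search(body):
        findings.append("signature_footer")      # ServerSignature is still On
    if "x-powered-by" in headers:
        findings.append("x_powered_by")          # typically expose_php still on
    if VERSION_TOKEN.search(headers.get("server", "")):
        findings.append("server_header_version") # governed by ServerTokens
    return findings

if __name__ == "__main__":
    print("before:", audit_response(SAMPLE_BEFORE))
    print("after: ", audit_response(SAMPLE_AFTER))
```

To check a live site you own, save the output of `curl -i` for a page that does not exist and pass its contents to `audit_response`.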

 

3) Dedicated IP for server: It is advisable to buy a server from a company that provides a dedicated IP for each server, as a dedicated IP helps your emails reach users' inboxes. Spamming done by another website on the same IP can also affect your website's performance and rating. E.g., Namecheap provides a unique IP for their servers.

 

 

 
