How to Hide PHP Version and Errors
Showing your PHP version and raw errors to visitors hands useful information to attackers. Two quick settings close that gap.
Step-by-step
- Open Software → MultiPHP INI Editor and select your domain.
- Set display_errors to Off so PHP errors are never shown to visitors (they still go to the error log).
- Set expose_php to Off if available (Editor Mode:
expose_php = Off) so the server stops advertising its PHP version in headers. - Click Apply.
- In WordPress, ensure WP_DEBUG is false in wp-config.php on the live site.
- Verify by triggering a known error — visitors should see a generic message, while the detail appears only in your log.
💡 Good to know
- Always log errors, never display them, on a live site.
- Keep PHP itself current too — hiding the version is no substitute for updating it (change PHP version).
- Run Security Advisor to catch other easy wins.