There are numerous ways on how your website can have a security threat. The information in a server signature can also be dangerous to your system. Sites like whatsmyip can display your information.
Server Signature is an important piece of information about your server and operating system.
For example suppose you are using an Apache server with Ubuntu operating system. The version number of Apache Server and Operating System information will be displayed in the server signature.
These signatures displayed on error pages, and in other communications with the web server, may reveal sensitive information about the software versions running on the web server.
You need to disable your server signature if you want to protect yourself from imminent threats when you reveal your signature. In this tutorial, you will learn how you can disable server signature by editing the Apache/.htaccess file.
First you need to find the config file of Apache. The location of the file is different for different operating systems. Before you edit Htaccess/Apache config files, it is advisable to create a backup of configuration file. So that you can go back to previous state if something went wrong.
In CentOS/Fedora you can find the config by hitting the following command in the terminal
$ sudo vi /etc/httpd/conf/httpd.conf
Similarly, the config file for Ubuntu/Debian can be found by the following command
$ sudo vi /etc/apache2/apache2.conf
Now, that you have located your config file, you need to add the following lines of code to your Apache Config file to turn off the server signature
ServerSignature Off ServerTokens Prod
The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.
The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header.
To turn off Server signature on a WordPress site, you need to access the .htaccess file. This file is located in the root directory of WordPress inside the public_html folder.
Locate the .htaccess file and Right click on it to Edit it. You can also use a FTP client application to access your website root directory and edit the .htaccess file.
You need to add some lines of code to your .htaccess file in order to turn off the server signature.
# Disable server signature # ServerSignature Off
You can also disable Server Signature using a WordPress plugin called WP htaccess Control.This plugin can directly disable server signature. It is a free plugin and is useful for beginners who are new to WordPress. The plugin method is not recommended to edit the htaccess file.
In this guide you learnt how you can turn off server signature by editing the Apache/.htaccess file. There are few WordPress plugins that can do the same. Usually, it is not advised to use the Plugins for latest version of WordPress.