Level 65
To be honest, it may be a small risk but if someone wants to exploit it, they will try anyway.
Most exploiters have a script to run to check for them regardless of the version shown.
Nov 23, 2014
6
Level 17
PHP header is showing the PHP version
Hello @JeffreyWay
On all your pages here at laracasts.com you have a header on the request that is showing us your PHP version, and for security reasons i recommend that you do NOT send out this header (X-Powered-By)
Or if you do have a reason to show us this information could you then give me that?
Because i see this as a security risk
Level 3
By the way it's clear from the URL structure, that laracasts runs on Laravel. And Laravel requires PHP 5.4+, Since 5.4 nothing big has happened with PHP regarding security. So even hiding it wont make any difference.
Level 65
One that could be hidden is the nginx version, there's only two exploits for 1.6.0 and I'm not sure they'd every be used since it's local network exploit.
Level 17
@rapliandras: Yes, you can say that but it's an suggestion for security by not showing the version number here you do not expose yourself by making it easy for the attacker.
@bashy: Yes, I know it's a very small risk if any but hiding sensitive informations like version numbers is ALWAYS the best option regarding security.
Level 17
Nothing else to say guys?
Level 65
Would of replied if so
Please or to participate in this conversation.