How To Disable Server Signature By Editing Apache/.htaccess file
Hosting types Reviews Comparisons Resources Hosting Coupons 313
$USD EN
Rating Methodology Advertising disclosure

How To Disable Server Signature By Editing Apache/.htaccess file

David Malcom
David Malcom
Author 2 min read

There are numerous ways on how your website can have a security threat. The information in a server signature can also be dangerous to your system. Sites like whatsmyip can display your information.

Server Signature is an important piece of information about your server and operating system.

For example suppose you are using an Apache server with Ubuntu operating system. The version number of Apache Server and Operating System information will be displayed in the server signature.

These signatures displayed on error pages, and in other communications with the web server, may reveal sensitive information about the software versions running on the web server.

You need to disable your server signature if you want to protect yourself from imminent threats when you reveal your signature. In this tutorial, you will learn how you can disable server signature by editing the Apache/.htaccess file.

Step 1:

First you need to find the config file of Apache. The location of the file is different for different operating systems. Before you edit Htaccess/Apache config files, it is advisable to create a backup of configuration file. So that you can go back to previous state if something went wrong.

In CentOS/Fedora you can find the config by hitting the following command in the terminal

$ sudo vi /etc/httpd/conf/httpd.conf

Similarly, the config file for Ubuntu/Debian can be found by the following command

$ sudo vi /etc/apache2/apache2.conf

Step 2:

Now, that you have located your config file, you need to add the following lines of code to your Apache Config file to turn off the server signature

ServerSignature Off
ServerTokens Prod

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header.

Step 3:

To turn off Server signature on a WordPress site, you need to access the .htaccess file. This file is located in the root directory of WordPress inside the public_html folder.

Step 4:

Locate the .htaccess file and Right click on it to Edit it. You can also use a FTP client application to access your website root directory and edit the .htaccess file.

Step 5:

You need to add some lines of code to your .htaccess file in order to turn off the server signature.

# Disable server signature #
ServerSignature Off

Step 6:

You can also disable Server Signature using a WordPress plugin called WP htaccess Control.This plugin can directly disable server signature. It is a free plugin and is useful for beginners who are new to WordPress. The plugin method is not recommended to edit the htaccess file.

Conclusion

In this guide you learnt how you can turn off server signature by editing the Apache/.htaccess file. There are few WordPress plugins that can do the same. Usually, it is not advised to use the Plugins for latest version of WordPress.

Check out these top 3 Best web hosting services

Hostinger
4.6
2,443 user reviews
$2.99 /mo
Starting price
Visit Hostinger
Rating based on expert review
  • User Friendly
    4.7
  • Support
    4.7
  • Features
    4.8
  • Reliability
    4.8
  • Pricing
    4.7
IONOS
4.0
382 user reviews
$1.00 /mo
Starting price
Visit IONOS
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.3
Ultahost
4.9
823 user reviews
$2.90 /mo
Starting price
Visit Ultahost
Rating based on expert review
  • User Friendly
    4.3
  • Support
    4.8
  • Features
    4.5
  • Reliability
    4.0
  • Pricing
    4.8

How to Enable Apache Mod_Rewrite on an Ubuntu 18.04 VPS or Dedicated Server

In this tutorial, we will cover the basics of enabling mod_rewrite on an Ubuntu
3 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Harden the Apache web server on a CentOS 7 VPS or Dedicated Server

In this how-to article, we illustrate how to harden an Apache web server, runnin
2 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Harden Your Apache Web Server on an Ubuntu 18.04 Dedicated Server or VPS

Apache as one of the most popular web servers is susceptible to hacking attacks.
3 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Disable Directory Browsing On Apache Running on an Ubuntu 18.04 Virtual Server or Dedicated Server

In this article, you’ll learn how to disable the default apache behavior for dis
3 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top