Pagoda panel - Hiding the NGINX and PHP versions / disabling dangerous functions

The Pagoda panel makes PHP management really easy: its software store lets you install various PHP versions, and multiple versions can coexist, which scripts such as lnmp and oneinstack probably cannot match. However, PHP installed through the Pagoda panel does not hide its version number by default.

The web technology research firm W3Techs said recently that, based on the PHP versions in use across all sites, starting from January 1, 2019, nearly 62% of sites will be exposed to malicious attacks because they can no longer get security updates.

 

According to W3Techs's survey from the 15th of this month, as many as 78.9% of the websites in its study sample use PHP, and the proportion of sites using PHP 5 has reached 61.8%. Among minor versions, PHP 5.6 accounts for 41.5% of sites, the highest share within version 5.

According to the supported-versions schedule listed on the official PHP website (below), PHP 5.6 was released in 2014, its active support ended on January 19, 2017, and its security support will end on December 31, 2018.

The newer PHP 7.0 will also reach EOL (End of Life) on December 1 of this year and will no longer receive security support. Even version 7.1 will also see support terminated on December 1, with security support ending a year later.

Therefore, hiding the PHP version and PHP service details really can solve some problems, and it is very easy to do! So in this article I will go over how to hide the PHP version number and how to disable some common dangerous PHP functions.

One: Hiding the PHP version number

In the Pagoda panel's PHP management, find expose_php = On and change it to expose_php = Off. Save and restart PHP, and that's it! Checking the web server's response afterwards shows that the PHP version number is now hidden.

Two: Hiding the NGINX version

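Pagoda panel versions 5.9 through 6.9.3 all hide the NGINX version number by default. If yours is not hidden, or the rules were changed for some reason, add server_tokens off to fix it, as follows: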

    http {
        # ... omitted ...

        limit_conn_zone $binary_remote_addr zone=perip:10m;
        limit_conn_zone $server_name zone=perserver:10m;

        # Do not send the nginx version in the Server header or on error pages
        server_tokens off;
        access_log off;

        # ... omitted ...
    }

Once this is set, restart Nginx; afterwards we can test it with a command:

    curl -I www.22vd.com

The result: both the PHP version number and the Nginx version number are hidden. The Pagoda panel hides the Nginx version by default; if you use another panel or a command-line environment, you can refer to the steps here.

Three: Dangerous functions

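The Pagoda panel's PHP management includes management of dangerous functions, under PHP management → Disabled functions. The panel is thoughtful enough that the commonly used dangerous functions are already disabled for us by default. If you have other functions to disable, add them there and save. If you need a particular function, remove it from the disabled list to make it available again.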

Functions recommended to disable on the host:

    disable_functions = system,exec,shell_exec,passthru,proc_open,proc_close,proc_get_status,checkdnsrr,getmxrr,getservbyname,getservbyport,syslog,popen,show_source,highlight_file,dl,socket_listen,socket_create,socket_bind,socket_accept,socket_connect,stream_socket_server,stream_socket_accept,stream_socket_client,ftp_connect,ftp_login,ftp_pasv,ftp_get,sys_getloadavg,disk_total_space,disk_free_space,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname

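Open php.ini and find the line disable_functions =, then add the functions to disable after it. To disable multiple functions, separate them with half-width (ASCII) commas.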

The Pagoda panel merely provides a visual interface for these settings. The disabled functions can also be seen directly in the panel's php.ini, at the path /www/server/php/72/etc/php.ini. As for which functions to disable, my approach is to decide as appropriate.
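An added example (not code from the original post) that checks the settings from sections One to Three: it flags response headers that still disclose a version and audits a php.ini for expose_php and for a baseline of command-execution functions. The function names and the BASELINE subset of the list above are assumptions made for the example; the sample headers and php.ini content are constructed.

```shell
#!/usr/bin/env bash
# BASELINE: assumed subset (command execution) of the article's disable list.
BASELINE="system exec shell_exec passthru proc_open popen"

# Read response headers on stdin (e.g. from: curl -sI http://HOST/).
# Prints each header that discloses a version; returns 1 if any was found.
leaky_headers() {
    ! tr -d '\r' | grep -iE '^(server|x-powered-by):.*[0-9]+\.[0-9]+'
}

# ini_value FILE KEY: last uncommented value of KEY, whitespace-trimmed.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        { k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k) }
        k == key && /=/ { v = $0; sub(/^[^=]*=/, "", v); sub(/;.*/, "", v)
                          gsub(/^[ \t]+|[ \t\r]+$/, "", v); val = v }
        END { print val }' "$1"
}

# audit_php_ini FILE: one finding per line; returns 1 if anything is wrong.
audit_php_ini() {
    local rc=0 fn disabled
    case "$(ini_value "$1" expose_php | tr '[:upper:]' '[:lower:]')" in
        off|0|false|no|none) ;;
        *) echo "expose_php is not Off"; rc=1 ;;   # a missing key defaults to On
    esac
    # Wrap the list in commas so "exec" is not satisfied by "shell_exec".
    disabled=",$(ini_value "$1" disable_functions | tr -d ' \t'),"
    for fn in $BASELINE; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "not disabled: $fn"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input so the script runs offline.
demo_ini=$(mktemp)
printf '%s\n' '; expose_php = Off' 'expose_php = On' \
    'disable_functions = system,exec, shell_exec,passthru' > "$demo_ini"
printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.14.0\r\nX-Powered-By: PHP/7.2.24\r\n' \
    | leaky_headers || echo "headers disclose versions"
audit_php_ini "$demo_ini" || echo "php.ini needs changes"
rm -f "$demo_ini"
```

Against a live site, pipe `curl -sI` output for your own host into `leaky_headers` and run `audit_php_ini /www/server/php/72/etc/php.ini`.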

Four: Summary

By default, the Pagoda panel does not hide the PHP version number, does hide the Nginx version number, and disables the common dangerous functions.

So we only need to hide the PHP version. One more point is worth noting: the default index.html created for a new website should be deleted, because it leaks too much information.


Origin www.cnblogs.com/idid/p/11880015.html