Don't Expose the PHP Version of your Joomla Site


Here is the relevant transcript for this video:

How to hide the PHP version on your Joomla site.Hey there, Joomla fans! Tim Davis here. I'm a Joomla fan too. Thanks for tuning in to today's Maintenance Monday Live-stream.

Welcome! Glad that you are tuning in. If you are watching live, put somewhere in the chat where are you from, and if you have any questions. I'll check that right after we get to our Maintenance item.

Hey, it would be great if you would subscribe and if you ring the bell you'll get notifications of new live-streams and tutorials when I get them up. Also, a reminder that every month we have a giveaway on the Basic Joomla channel: a one-year membership to manage one site on That is Phil Taylor's site; plenty of information on there to evaluate and audit your site and give you tips on how to maintain it and set it up so it's running efficiently and it's secure. A well-maintained Joomla site is a more secure Joomla site and security is part of the theme of what we're going to be looking at today.

Basically, what we're going to be looking at is how to turn off broadcasting what version of PHP your Joomla site is using. That's important because just imagine if someone called up your house and said excuse me, "What kind of locks are you using? I'd like to break into your house." You wouldn't answer and say, "Oh well I have such-and-such a lock. Just look it up and it'll be easier for you to break in." You would say. "Forget it! I'm not telling you." That's what we want to do with our Joomla sites so that it's not broadcasting or showing or answering what kind of PHP version we're using when we look.

To do that you need to add a line to a PHP.ini file. Now before we go any further forward make sure that you back up your site regularly. I'll put a card up top and a link below on how you can do that with Akeeba back up because that's just good practice and any time you get monkeying around with files in the back end of your site or in your hosting panel then you will you want to have a good backup just in case something happens or in case you do something that's not quite what I tell you to do right here.

To add the necessary line to the PHP.ini file, log in to the web hosting control panel, the file manager for your web hosting account. You could do this using an extension right in Joomla that gives you access to those files. The only problem is if you change something in a PHP.ini file that's incorrect or if another file gets messed up on an htaccess file, if you do it while you're using one of those extensions right inside of Joomla and your site crashes - you get the 500 server error - you're not going to be able to use that file manager again. You are going to have to go into your hosting account and use the file manager. So I think it's a good way, at least in these tutorials to start out using the file manager in your web hosting account so that if something does happen you can just easily undo the changes and then your site will be up again, and you won't be locked out.

So, go to your file manager and then to the administrator folder for your Joomla install. So right here, this is the site. This is basically the home folder. I would go to public html, and then to the administrator folder and it's in this administrator folder we're going to create a file.

Now your web host might not allow you to do this, in which case you're going to have to contact them and ask them how to do that. They may change the setting or where to put it. You're also always welcome to contact me at or Either will work and we can talk about hosting your site on the Cybersalt servers.

Once you’re able to create a file, you want to do in that in the administrator folder. Make the file PHP.ini. So, I'm going to click file plus. We'll name it php.ini and then we'll create that new file. Next, I'm going to right click on that and select edit and then I'm going to paste this line, “expose_php=off” in that file. We're turning the feature or the option to expose the PHP version that Joomla is using, that anything's using in this folder for that matter, off.

We're going to save the changes and there you have it. That will take care of it.

Now just to make sure that you've done it right and it's okay on your server why don't we go back to the site (where you can enter for that giveaway), we'll click on home and it's working.

So that's just a handy little tip to maintain your site. Turn expose PHP off so anybody that comes a-knockin’ asking, "Hey, what's an easier way for me break into your site?" Just shut them out and they don't get that information.

Thanks for watching. If this is helpful, it would be great if you subscribe and then ring that bell so you get notifications of new additions to the channel, new live streams, and new tutorials which are coming very soon.

As always, enjoy your Joomla sites and God bless.


subscribe basic joomla

subscribe cybersalt

earn coins bn