How can I find the version of PHP that is running on a website?

Moebuntu

Well-known member
Joined
Jul 1, 2016
Messages
103
Best answers
0
Ratings
2 1
Points
18
#1
I am using Php 5.6 and i want to upgrade to PHP 7 but i am not sure there are many websites out there are using this version. Is there a tool that allow me to find the version of php that is running on a website?
 

LJSHost

Well-known member
Joined
Jul 5, 2016
Messages
1,031
Best answers
0
Ratings
203
Points
63
#2
<?php

phpinfo();

?>

Save this in a file called phpinfo.php and upload it to your public_html. access the file yourdomain.com/phpinfo.php and you will see all your php information.
 
Joined
May 12, 2016
Messages
50
Best answers
0
Ratings
9
Points
8
#4
You can find information pressing F12 and then like on screen the configs tell what PHP version is used on server

find_php_version.png
 

ohostme

Active member
Joined
Jun 4, 2016
Messages
76
Best answers
0
Ratings
4
Points
8
#5
You can use phpinfo.php method as ljshost mentionned or you can contact you hosting provider and ask them.
 

Moebuntu

Well-known member
Joined
Jul 1, 2016
Messages
103
Best answers
0
Ratings
2 1
Points
18
#6
Everyone could misunderstand my meaning, I wanted to know the PHP version of a website that I don't own.
Not mine.
 

David Beroff

Well-known member
Joined
Jun 14, 2016
Messages
1,080
Best answers
0
Ratings
110 1
Points
63
#7
Interesting question but I think it is impossible because no one will allow you trace their server information like PHP version, OS version, Disk type, CPU cores..etc.. on their server.

I also tried a tool but it only returned the output like this without detect obviously php version.

phpversion.png
 

rankmyhub

Well-known member
Joined
Feb 14, 2017
Messages
191
Best answers
0
Ratings
18
Points
0
#8
Finding PHP Version running on a website is not impossible, but most of time Headers are hidden from exposing to public to prevent hackers from finiding vulnerabilities. However you can find headers from chrome developer tools as suggested by @hyperhost you can see x-powered-by:pHP/5.6.30 which confirms that the website is using php 5.6.30.

Another way is to use a online SaaS tool like this https://securityheaders.io/ which shows up X-Powered by header information, if your target website exposing php version publicly. Hope this helps you. Thank you.
 

rankmyhub

Well-known member
Joined
Feb 14, 2017
Messages
191
Best answers
0
Ratings
18
Points
0
#10
I checked a few website and it worked but some websites didn't display x-powered-by.
Some websites if did not display x-powered by that means, either they are not using PHP or the website owners have turned off this header for security reasons.

Why they could hide this info. Is is a configuration on web hosting?
They can hide information, as it is not safe to expose php version number publicly. Hackers target websites by looking at weak php, plugins, extensions etc... to get access to systems. Due to this reason security conscious people hide headers that are vulnerable.

Its configurable in hosting. Go to php.ini file there you can see a line with expose_php = On; turn it to Off and you are done. Now the X-Powered by header will not be displayed to anyone.

See this for more details: http://www.ducea.com/2006/06/16/apache-tips-tricks-hide-php-version-x-powered-by/

Thanks
 

David Beroff

Well-known member
Joined
Jun 14, 2016
Messages
1,080
Best answers
0
Ratings
110 1
Points
63
#11
They can hide information, as it is not safe to expose php version number publicly. Hackers target websites by looking at weak php, plugins, extensions etc... to get access to systems. Due to this reason security conscious people hide headers that are vulnerable.
Your explaining is opposite to which the author said in the article above

Doing this, will not make your server more secure… it will just prevent remote hosts to easily see that you have PHP installed on the system and what version you are running.
But I think you are right on this, because at least hackers will not know which php version is running on web hosting and it will make them a little difficult to exploit a website.

I would like to know which we also should hide from our web hosting? Apache, Mysql versions...etc? to make server better security.
 

rankmyhub

Well-known member
Joined
Feb 14, 2017
Messages
191
Best answers
0
Ratings
18
Points
0
#12
I would like to know which we also should hide from our web hosting? Apache, Mysql versions...etc? to make server better security.
Follow security headers SaaS tool recommendations, its a good place to start securing your website. If you are on wordpress. There is plugin called https://wordpress.org/plugins/wp-simple-firewall/ which lets you define CSP and other headers to pass the security header test.

However somethings like https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning is difficult to implement. Apart from that you can implement most recommendations suggested by the tool.

Server Security and Website Security are different. Website can rely on server security to some extent, but website security is more important in most cases.

For example, only technically experinced people are aware or know how to intrude into your server. But weak website security can be exploited easily even by normal users using tools like brutus, etc... as website is public facing or frontend.

For General security, implementing security headers, using standard code and auditing (basic tools like wpscan ) will be sufficient.

Your explaining is opposite to which the author said in the article above
I provided, this reference so that you can see what needs to be changed to turnoff expose php. As said, security is a complex subject to deal with. Yes, the author is right, merely hiding X Powered by header does not make you safe and secure. But you are leaving out clues about your server client side php version.

Which makes a big barrier for potential hacker, thus it acts like a firewall or gate and makes it difficult for the person to figure out what is being used by you.

Also it should be noted that PHP is server side executable scripting or programming language. So unless the hacker gets access to your system through FTP or someother protocol and puts his vlunerable or malware code into your server. The chances of getting hacked it difficult.

Now the good part is by hiding the X Powered by header, you are not giving any clue, and let me tell you hackers are not programmers, they just know how to use tools and exploit vulnerablities using set of standard tools. So they cannot code anything on own, of course some people does phython scripting. But normal webservers does not run phython scripts, so you are safe.

Security is difficult subject and it starts from keeping ourselves more secure first. Personally I have seen people not listening, despite of teaching some basics like password security. For example wordpress could be hacked easily, if the password can be guessed.

Do you know 10/100 people use password as pass or password and username as admin or administrator. Just because they cannot remember such basic things..suppose they use same password for their email, wordpress, and others. If the hacker gets access to one account, he can exploit same on other systems as well, easily.

Password is basic security and one must not make it weak.. If you are interested suggest to read this https://privacytoolsio.github.io/privacytools.io/#pw some tools you can use in your daily life to make things better.

Server security depends on server stack, underlying operating system in use. Usually, not needed unless you are managing VDS or VPS on your own. If you are on shared hosting, the hosting provider will harden things, so you do not need to bother much.

If you are running your own server, installed own OS, installed control panel on your own, then server security is important.

You must regularly update the packages, disallow root user ssh access, enable two factor authentication for cpanel users, follow security advisory provided by whm (yes, there is a security advisor on whm). And implement its suggestions.

These are sufficient in most cases. Make sure you paractice these on test systems, doing directly on production system for the first time may break things and you might loose access to your own server, if you do not know what you are doing.

https://documentation.cpanel.net/display/ALD/Security+Advisor

Hope this helps, you learn things one by one and implement on test systems before you do on live or production systems.
 

Dr. McKay

Well-known member
Joined
Nov 26, 2016
Messages
434
Best answers
1
Ratings
36
Points
28
#13
I am using Php 5.6 and i want to upgrade to PHP 7 but i am not sure there are many websites out there are using this version. Is there a tool that allow me to find the version of php that is running on a website?
If you have SSH, the easiest way to check PHP version with this simple command.

php --version

or

php -v

I tried to run on a server and got the result as following

[[email protected] ~]# php --version
PHP 7.2.8 (cli) (built: Jul 24 2018 07:24:07) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.8, Copyright (c) 1999-2018, by Zend Technologies
 
Joined
Apr 4, 2019
Messages
44
Best answers
2
Ratings
11
Points
8
#14
type f11 or f12 in keyboard buttons is the best way to know the php version.
 
Older Threads
Replies
7
Views
1,053
Replies
12
Views
2,014
Replies
15
Views
4,007
Replies
11
Views
1,644
Latest Threads
Replies
0
Views
1
Replies
0
Views
2
Replies
1
Views
10
Replies
2
Views
28
Recommended Threads

Latest postsNew threads

Latest Hosting OffersNew Reviews

Sponsors

Latest Blog ArticlesMost Viewed Threads

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top