Remove X-Powered-By HTTP Header
The X-Powered-By HTTP header reveals the technology stack used to build your website, including details like WordPress version and server information. This can be useful for developers, but it also poses a security risk because it gives attackers more information about your system. By removing the X-Powered-By header, you can reduce the likelihood of automated attacks targeting known vulnerabilities in your WordPress version or server.
Using the REST API settings in WP Adminify, you can easily remove the X-Powered-By header from server response HTTP headers to secure your site further.
1. Access the REST API Settings
To begin:
- Log in to your WordPress dashboard.
- Navigate to WP Adminify > Security > REST API
2. Enable REST API Feature
Ensure that the REST API feature is turned on. You can activate it by switching the toggle next to the "Show" button. This must be enabled to access the options for modifying server headers.
3. Remove "X-Powered-By" Header
In the REST API settings page, find the option to Remove "X-Powered-By" Header from the server response HTTP headers. This will stop WordPress and your web server from sending details about the technologies running your site.
- Check the box next to Remove "X-Powered-By" Header.
This removes unnecessary information from your server’s HTTP headers, helping to obscure your site's platform and make it harder for malicious bots to target you based on this data.
4. Save Changes
Once you’ve checked the option to remove the X-Powered-By header:
- Scroll to the bottom of the REST API settings page.
- Click Save Changes to apply the configuration.
This ensures that the X-Powered-By header is no longer sent in future HTTP responses from your WordPress website.
5. Verify Header Removal
To verify that the X-Powered-By header has been removed:
- Open your site in a browser.
- Right-click and select Inspect to open the Developer Tools.
- Navigate to the Network tab, refresh the page, and select the first HTTP request (likely to your home page).
- In the Response Headers section, ensure that there is no mention of the X-Powered-By header.
Alternatively, you can use an online HTTP header checking tool to inspect your site's headers without needing developer tools.
Didn’t find what you were looking for? Get in touch!
Updated on October 31, 2024
Was this helpful to you?