PhpSecInfo Test Information


Test Description

This test determines if the expose_php setting is enabled.

Security Implications

When enabled, expose_php makes PHP announce, in the response to every request, that PHP is processing the request and which version of PHP is installed. Malicious users looking for potentially vulnerable targets can use this information to identify a weakness.

expose_php is enabled by default.


Turn expose_php off. It won't by itself fend off a determined attacker, but it will make the server less visible to attacks that rely on simple reconnaissance techniques to scan for vulnerable targets.

You can only disable expose_php in the php.ini file:

; Disable expose_php for security reasons
expose_php = Off
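
To confirm the change took effect, check both the php.ini file and the headers your own server returns, since expose_php shows up as the X-Powered-By response header. The script below is an added example, not PhpSecInfo code; the function names, file contents and the PHP/0.0.0 version string are constructed for illustration.

```shell
# Added example, not PhpSecInfo code. All file contents below are constructed.

# Print the effective expose_php value ("on"/"off") for the php.ini file in $1.
# A later assignment overrides an earlier one; if the directive is absent,
# the default (on) applies.
expose_php_state() {
  awk -v q="'" '
    BEGIN { state = "on" }
    {
      line = $0
      sub(/;.*$/, "", line)                  # strip ; comments
      n = index(line, "=")
      if (n == 0) next
      key = substr(line, 1, n - 1); val = substr(line, n + 1)
      gsub(/[ \t\r]/, "", key)
      gsub("[ \t\r\"" q "]", "", val)        # drop whitespace and quotes
      if (key != "expose_php") next          # directive names are case sensitive
      v = tolower(val)
      state = (v == "on" || v == "true" || v == "yes" || v + 0 != 0) ? "on" : "off"
    }
    END { print state }
  ' "$1"
}

# Read response headers on stdin; print the X-Powered-By value if it names PHP.
php_banner() {
  tr -d '\r' | awk '
    { n = index($0, ":"); if (n == 0) next
      name = tolower(substr($0, 1, n - 1)); value = substr($0, n + 1)
      sub(/^[ \t]+/, "", value)
      if (name == "x-powered-by" && value ~ /^PHP/) print value }
  '
}

# Combine both views: $1 = php.ini path, $2 = file holding captured headers.
audit_expose_php() {
  state=$(expose_php_state "$1"); banner=$(php_banner < "$2")
  if [ "$state" = on ]; then echo "FAIL: expose_php is on in $1"
  elif [ -n "$banner" ]; then echo "WARN: ini says off but response sends $banner"
  else echo "PASS"
  fi
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '; stock file, directive never set' 'memory_limit = 128M' > "$tmp/default.ini"
printf '%s\n' '; Disable expose_php for security reasons' "expose_php = 'off'" > "$tmp/hardened.ini"
printf 'HTTP/1.1 200 OK\r\nX-Powered-By: PHP/0.0.0\r\nContent-Type: text/html\r\n\r\n' > "$tmp/leaky.txt"
printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' > "$tmp/quiet.txt"
audit_expose_php "$tmp/default.ini" "$tmp/leaky.txt"    # FAIL
audit_expose_php "$tmp/hardened.ini" "$tmp/leaky.txt"   # WARN
audit_expose_php "$tmp/hardened.ini" "$tmp/quiet.txt"   # PASS
```

A WARN result typically means the web server loaded a different php.ini than the one that was edited, or has not been restarted since the change.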

More Information

