Security risks of having public phpinfo() page?

security apache-2.2 php phpinfo

Solution 1:

It would entirely depend on how confident you are about your PHP install. If you think it is rock solid, even if an attacker knows everything about your PHP install, then you could leave it in place.

But really, why would you leave this in place on a production system anyway? There may be exploits you are not aware of in your version of PHP - people may now or in future scan for your version of PHP, or particular options you have enabled, because they know how to carry out these exploits. So by keeping this up publically, you added yourself to their hitlist.

If you want to keep it up, you can put it in a password protected directory, or just switch it on when you need it. Given the small cost of these options, I wouldn't take the risk of keeping it public.

Related

Rename windows service
How to send my public keys to EC2 server?
Can etckeeper be used to track config files outside of /etc?
Does transferring a domain transfers DNS records?
How can I find all of the domain names owned by a company? [closed]
How to save + close file when editing in bash?
How to exclude files from TAR archive using regular expressions?
.htaccess RewriteCond for REMOTE_ADDR while behind Load Balancer?
What are the "actual" differences between CentOS, RHEL, and OEL?
Verify disown command
Puppet - get list of packages and versions
Open source system for swipe card access? [closed]