Top 5 Tips To Secure Your Apache Web Server Configuration
By: Date: May 26, 2021 Categories: Apache,Security,Ubuntu,Wordpress

Here are a five ways to secure your Apache hosting your WordPress site by editing the Apache configuration file.

sudo nano /etc/apache2/httpd.conf 

Add the following to your end of your config file:

ServerTokens Prod
ServerSignature Off
TraceEnable Off   
Options all -Indexes
FileETag None

Be sure to restart Apache after:

sudo systemctl restart apache2.service

Here is a explanation of these directives:

ServerTokens Prod — This is the least amount of information you can provide
ServerSignature Off — This disabled showing OS and apache version
TraceEnable Off — Server will return a (Method not allowed) 405 error to the client.
Options all -Indexes — Turns off directory browsing
FileETag None — Hides private details about your server. Required if you need to be PCI compliant.

Leave a Reply

Your email address will not be published. Required fields are marked *