Home / Tools / Verify your hosting server software version is not publicly exposed
Exposed Files · Scan Check Guide

Verify your hosting server software version is not publicly exposed

10 min Impact: medium Effort: low ✓ Scan-verified — no manual checkbox

A phpinfo() file left accessible on a live server dumps your complete server configuration — PHP version, loaded modules, file paths, and sometimes environment variables — handing an attacker a detailed map of exactly what software versions to look up known exploits for.

phpinfo() reveals your PHP version, server configuration, installed modules, environment variables, and file paths — a detailed map for attackers.

How to fix it

  1. 1
    Check common paths
    Visit /phpinfo.php, /info.php, /test.php — these are the usual default names left over from setup or debugging.
  2. 2
    Delete any found
    These files have no reason to exist on a live production server — remove them entirely rather than trying to restrict access.
  3. 3
    Check your deployment process
    If a phpinfo file gets added during every deploy for debugging, exclude it from what actually ships to production.

Common mistakes

How you'll know it's done

No phpinfo() output is accessible at any common path on your live site.

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →