Automatic/option for hiding of Plesk, PHP, Apache, Nginx, Wordpress, Drupal, etc. 'reveals'
It would be so useful to accommodate one hardening feature, and that would be to switch on/off the server reveal options for Nginx/Apache (Lightspeed, whatever), the expose_php attribute for the version number in PHP (and equivalent in Perl, etc.), the Wordpress/Drupal (and Joomla, etc.), reveal of their presence and version numbers. See this article for the cybersecurity relevance of that (there's a lot more on the 'securityheaders.com' website and free checkers for all of this there too), but I pick this as an illustration of what I'm referring to with php:
https://serverhealers.com/blog/hide-php-version-x-powered
All of these things are simple, and just require something that is added during the set up process and in the Plesk admin (or other) menu.
It might be harder to automate this for something like extensions, but not particularly themes in Wordpress (and perhaps the others), but I think that it would be helpful if it was a policy requirement that stuff developed for Plesk (well, other things too) were expected to offer during their installation the opportunity to mask these things too for their plugins/software.
This is such a simple 'hardening' operation and next to no risk at all to do, that it seems crazy that there is not a switch on/off function as part of the list of vulnerabilities on the scan that takes place as part of the Plesk security checker. Except for Nginx (requires [basic] recompile) and maybe Plesk itself (not sure about that one). The benefits are well recognised and will save time for more experienced users, but could/would be much more difficult/worrying/dangerous for a newbie trying.
Jonathan Jewell
shared this idea
Thank you for your idea! We will consider this functionality in upcoming releases if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
Here I'd like to add, though, that in the real world attackers simply test a website against all known vulnerabilities, regardless what webserver, PHP or other software version they detect. Actually, such version information are of no interest, they simply drive tests against all known flaws. So adding the feature will probably not help against hacking attempts.
-- PD