What are Magic Quotes? Magic quotes is a controversial feature of the PHP scripting language, wherein strings are automatically escaped (special characters are prefixed with a backslash) before being passed on. It was introduced to help newcomers write functioning SQL commands without requiring manual escaping. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed.
You can disable magic quotes via editing your PHP configuration file (php.ini). If you cannot do this, you can disable via .htaccess by adding the following line to your .htaccess file:
php_flag magic_quotes_gpc off
Last Revised: 2015-08-25
Whenever Apache2 web server returns a page, it outputs the web server signature (e.g., Apache version number and operating system info): in the HTTP Response Header, and at the bottom of the default server error pages.
Revealing web server signature can be a security risk as you are essentially telling hackers known vulnerabilities of your system. Thus it is recommended you disable or turn off all web server signatures as part of server hardening process. To disable, you can try adding the following to your top .htaccess file:
Note that on some servers to make it work, you may need to add to the server config file (apache2.conf or https.conf, depending on web server type), and then restart the web server. You will require root SSH access, and *nix expertise to do this. Otherwise, ask your web host to do it.
Last Revised: 2015-08-29