From 29c8e438c1a80511e5f6fd006c089aba10f069a2 Mon Sep 17 00:00:00 2001 From: Christian Mehlmauer Date: Wed, 4 Jun 2014 01:11:22 -0700 Subject: [PATCH] Updated WordPress Security Tips (markdown) --- WordPress-Security-Tips.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/WordPress-Security-Tips.md b/WordPress-Security-Tips.md index 5a146b3..7f841ef 100644 --- a/WordPress-Security-Tips.md +++ b/WordPress-Security-Tips.md @@ -94,4 +94,23 @@ Most administrative users login to their blog via the same IP address. By whitel **23. Use a strong password** +**24. Review the Headers sent by your Webserver** +You should always review the HTTP Headers sent by your Webserver and limit them to a minimum. +To check your Headers you can execute the following command and check the output. +``` +curl -skI http://www.domain.com +``` + +As an example, PHP sends it's version information in a header. To disable this, add or uncomment the following line in your php.ini: +``` +expose_php = Off +``` + +If you are running apache, you can also minimize the info sent about your Webserver. You should edit the file `/etc/apache2/conf.d/security` and set the following values: +``` +ServerTokens Prod # Only show Server: Apache +ServerSignature Off # Remove internal information +TraceEnable Off # Disable trace method +``` + **For further WordPress hardening tips see: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)** \ No newline at end of file
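Review bot: the three Apache lines in the new section 24 will not load as written, because Apache does not allow a comment on the same line as a directive (a `#` after `ServerTokens Prod` is parsed as an extra argument and httpd refuses to start with a "takes one argument" error); move each explanation onto its own `#` line above the directive, e.g. `# Only show Server: Apache` followed by `ServerTokens Prod`, and likewise for `ServerSignature Off` and `TraceEnable Off`. Two smaller points in the same hunk: the `-k` flag in `curl -skI http://www.domain.com` disables TLS certificate verification, which is an odd habit to teach in a hardening guide and has no effect on a plain `http://` URL, so drop it (or show an `https://` URL without `-k`); and `/etc/apache2/conf.d/security` is a Debian/Ubuntu-specific path that other distributions and newer Debian layouts do not use, so the text should say which distribution it applies to. Also "PHP sends it's version" should read "its".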