This and that on the web server

Thursday, July 12, 2007

Disabling the phpinfo function in PHP, which is potentially dangerous :p (except for admins).

If you leave phpinfo enabled and use some file other than phpinfo.php, it can still be found: a search for a couple of specific terms is all it takes to turn up the PHP test page that somebody created and forgot about. Consider using safe mode. Just set:

; Safe Mode
;
safe_mode = On

in php.ini and restart your web server for it to take effect. You can verify whether safe mode is enabled using the phpinfo technique above. Another item to consider is the disable_functions directive. For instance, you could set this (the value is one line in php.ini; a quoted value must not be broken across lines):

disable_functions = "dl,phpinfo,shell_exec,passthru,exec,popen,system,proc_get_status,proc_nice,proc_open,proc_terminate,proc_close"

Meanwhile, in Apache add the following lines:

ServerTokens Prod
ServerSignature Off
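An added audit script, not part of the original post, that checks a php.ini and an Apache config for the disable_functions, ServerTokens and ServerSignature settings described above (safe_mode is left out because it was removed in PHP 5.4). The file paths and the sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit script (not from the original post): check a php.ini and an
# Apache config for the hardening settings above; sample configs are constructed.

# Value of a php.ini directive: the last active (uncommented) line wins,
# trailing ';' comments and surrounding double quotes are stripped.
ini_value() {  # $1 = php.ini path, $2 = directive name
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
      | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*;.*$//' \
            -e 's/^"//' -e 's/"[[:space:]]*$//'
}

# Succeeds only if every function in the comma list $2 is in disable_functions.
php_functions_disabled() {  # $1 = php.ini path, $2 = "phpinfo,exec,..."
    disabled=",$(ini_value "$1" disable_functions | tr -d '[:space:]'),"
    for f in $(printf '%s' "$2" | tr ',' ' '); do
        case "$disabled" in
            *",$f,"*) ;;
            *) echo "not disabled in $1: $f"; return 1 ;;
        esac
    done
    return 0
}

# Value of an Apache directive (last occurrence wins, as httpd itself does).
apache_value() {  # $1 = httpd.conf path, $2 = directive name
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | tail -n 1 | awk '{print $2}'
}

# Succeeds only with ServerTokens Prod and ServerSignature Off.
apache_hardened() {  # $1 = httpd.conf path
    [ "$(apache_value "$1" ServerTokens)" = "Prod" ] \
        || { echo "$1: ServerTokens is not Prod"; return 1; }
    [ "$(apache_value "$1" ServerSignature | tr 'A-Z' 'a-z')" = "off" ] \
        || { echo "$1: ServerSignature is not Off"; return 1; }
}

# Constructed samples: a weak and a hardened config of each kind, written to $1.
write_samples() {  # $1 = directory
    printf 'disable_functions =\n;disable_functions = "phpinfo"\n' > "$1/weak.ini"
    printf 'disable_functions = "dl,phpinfo,shell_exec,passthru,exec,popen,system"\n' > "$1/hard.ini"
    printf 'ServerTokens OS\nServerSignature On\n' > "$1/weak.conf"
    printf 'ServerTokens Prod\nServerSignature Off\n' > "$1/hard.conf"
}

SAMPLE_DIR=$(mktemp -d)
write_samples "$SAMPLE_DIR"
for n in weak hard; do
    php_functions_disabled "$SAMPLE_DIR/$n.ini" phpinfo,exec && echo "$n.ini: phpinfo and exec disabled"
    apache_hardened "$SAMPLE_DIR/$n.conf" && echo "$n.conf: hardened"
done
```

Point the functions at your real php.ini and httpd.conf to audit a live host; the commented-out line in weak.ini shows that a disabled directive is correctly ignored.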
