If you run a curl on your website similar to the curl below, does it return php versions?
This is NOT secure. We will now make a simple change to the php-fpm php.ini file to hide this

curl -LIsX GET lukeslinux.co.uk | grep php

To hide the php value, find the following value and turn it off:

expose_php = On

Restart php-fpm and you are done. Test again by rerunning the curl command.