As with the WordPress version it’s not wise to disclose the exact PHP version you’re using because it makes the job of attacking your site much easier. This issue is not directly WP related but it definitely affects your site.
You’ll most probably have to ask your hosting company to configure the HTTP server not to show PHP version info but you can also try adding these directives to the .htaccess file:
<IfModule mod_headers.c> Header unset X-Powered-By Header unset Server </IfModule>
If you are concerned about WordPress security on your site, we encourage you to follow the full set of tips on our WordPress Security page. And get in touch if you need help with protecting your site from hackers.