What extension to use? For security purposes?

Discussion in 'PHP' started by chuckd1356, Mar 7, 2007.

  1. #1
    I was wondering, what's the best extension to use with my php code?

    Should I keep it .php? I know it's not a good idea to use .php5 because it makes it easier for hackers to identify your php version... :rolleyes:

    But I was wondering, what if we use custom extensions through Apache? Then rename all our .php files to something, say like... .aspx or .pl?

    Would this at least slow the hacker down?

    Post your ideas!
     
    chuckd1356, Mar 7, 2007
  2. designcode
    #2
    Hackers don't hack websites just by identifying extensions. It's your code that actually lets your server get hacked. You can keep .php without any problem if your code is good.
     
    designcode, Mar 7, 2007
  3. CodyRo
    #3
    What you're referencing is known as "Security by obfuscatory", which isn't good alone, but it's just another layer of protection. It will most likely deter a lot of script kiddies, which has its benefits, but as mentioned above, in the end it depends on the code.

    If you can easily change the extension (mod_rewrite, etc.), do it; if not, don't worry, it's not going to help that much.
     
    CodyRo, Mar 7, 2007
  4. wmtips
    #4
    By default PHP inserts x-powered-by into the response headers. For example, take a look at the response headers in the Site information Tool: www.digg.com : x-powered-by contains PHP/5.2.0-8.

    There are also other approaches to detect PHP presence (PHP easter eggs for example).

    I think hiding your PHP presence is not a big deal against hackers. A much more important thing is to have carefully written and tested scripts.

    As for me, I prefer to transform .php URLs to .htm, .html or / URLs just for SEO and a user-friendly look.
     
    wmtips, Mar 7, 2007
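
An added example, not part of any post in this thread: a small Python audit showing that renaming the extension leaves the `x-powered-by` header mentioned in post #4, and other PHP markers, in the response. The function names, the `/index.aspx` path and both sample responses are constructed for illustration.

```python
import re

# Constructed sample: a PHP page published under a renamed ".aspx" URL.
RENAMED_ONLY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.3 (Debian) PHP/5.2.0-8\r\n"
    "X-Powered-By: PHP/5.2.0-8\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
    "Content-Type: text/html\r\n\r\n<html>...</html>"
)
# Constructed sample: same page after expose_php = Off in php.ini, a custom
# session.name, and ServerTokens Prod in the Apache configuration.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: sid=0123456789abcdef; path=/\r\n"
    "Content-Type: text/html\r\n\r\n<html>...</html>"
)

PHP_TOKEN = re.compile(r"PHP/[\w.-]+", re.I)
PHP_EXT = re.compile(r"\.(?:php\d?|phtml)(?=$|[?/#])", re.I)

def parse_headers(raw):
    """Return [(lowercased name, value)] from the head of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def php_leaks(url_path, raw_response):
    """List the places where a response still identifies PHP."""
    findings = []
    if PHP_EXT.search(url_path):
        findings.append(("url-extension", url_path))
    for name, value in parse_headers(raw_response):
        token = PHP_TOKEN.search(value)
        if name == "x-powered-by" and token:
            findings.append(("x-powered-by", token.group(0)))
        elif name == "server" and token:
            findings.append(("server-token", token.group(0)))
        elif name == "set-cookie" and value.upper().startswith("PHPSESSID="):
            findings.append(("session-cookie", "PHPSESSID"))
    return findings

if __name__ == "__main__":
    print(php_leaks("/index.aspx", RENAMED_ONLY))
    print(php_leaks("/index.aspx", HARDENED))
```

An empty result only means these markers are gone; as the replies say, the scripts behind the URL still have to be written and tested carefully.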