PHP is the most widely used server side script according to reports. However, multiple popular versions of PHP used in more than 85% of all PHP sites are unsupported by the PHP.net community. Thus, lots of php vulnaerabilities are not cared officially. Hackers can easily crack into those old technologies and you'll be victim in case your online properties are based old php supports. The big event these days is 000webhost hacking because of old php. According to W3Techs.com, as of August 2015, percentage of websites using PHP subversions:
- 39% PHP 5.3 — no development, no bug fixes, no security support as of August 2014
- 14.9% PHP 5.2 — no development, no bug fixes, no security support as of January 2011
- 31% PHP 5.4 — not supported by the community as of September 14th
- 2%+ older versions, including 5.1 & 4.4
As we see, a huge amount sites are served by old version php support while the PHP.net community does not patch any vulnaerability even if discovered. It's a dangerous signal to people who still rely on those platforms. Especially for people who even hosted on old server platform such as windows server 2003, they don't even get the chance to upgrade php because the server system is not supported anymore since php5.5 release.
How you can avoid those php vulnerabilities?
The simple solution is to upgrade to latest php stable release from php.net downloading. But, before you start any update, check around and make sure you can proceed with no problem!
- If your current server allows upgrade – You must check if your server platform meet the new php minimum requirement such as server OS and web server configuration etc. If you're still served on some old server system, what you should do is to upgrade server first instead php.
- If your scripting compatible with new version php – Some php scripts are programmed under some specific php environments, thus you have to check if it will work properly from new version. Or if you use some online application, be sure to upgrade to latest version.
- If your scripting secure enough – The purpose of php update is to ensure security. However, you must check if your scripts are programmed well or not. If there's bug or weakpoint itself, the php update will not help any.
What if I have to stay with current php?
If you have no choice but have to stay on current php platform, you might consider cloudlinux platform. The latest cloudlinux provides HardenedPHP that be able to protect your php scripts in advanced security. With CloudLinux OS, not only you can secure old PHP versions with HardenedPHP, you can also offer various packaged PHP versions on a single shared Web server to ensure maximum security and flexibility. learn more about php selector
Cloudlinux is standard choice by lots of reputable web hosting providers thus you don't have to prepare by yourself. But in case you're running a VPS or dedicated server, upgrade to new php is the best option.
More about Cloud linux
Cloudlinux is deep optimization of CentOS linux with mission to make Linux secure, stable while keep profitable. Cloudlinux provides advanced security and proven better performance from live production experience. Comparing to any free or commercial linux release, it's recognized the best. The OS is currently running on more than 25,000 production servers