Web Hosting Forum - Net Hosting Talk

We are a community of individuals and businesses passionate about web hosting. Let's build, learn, and grow together.

PHP 5.6 and PHP 7.0 are left without security support

Due to the constant appearance of vulnerabilities, the need to introduce new functionalities and the importance of improving the performance of applications and servers, the versions of programming languages, frameworks or any other service are constantly updated. But, although services are improving and fixing vulnerabilities, users do not usually update so easily. Which is a great risk because the versions are abandoned. And this is the case of the end of security support of PHP 5.6 and 7.0.

End of PHP 5.6 and 7.0

PHP is the programming language that makes web pages more interactive. That is, without the use of PHP most websites would be limited to text, links and images in the simplest way. Currently, 78% of web pages use some version of PHP; so that they can offer more and better features to the user. The problem comes when most of this use obsolete versions of the programming language.

Since it was published in 2014, PHP 5.6 has become the most widely used PHP version worldwide. So much that currently it is still used in 61% of web pages. This would not be bad news if it were not because in a few days the end of PHP 5.6 will come. A version that has extended its support periods, especially security, given the impossibility for the user to update to the latest versions. PHP 5.6 does not have active support since 2017; and in just a few days it will stay, finally, without security support.

With the arrival of the end of PHP 5.6, PHP 7.0 will also arrive. So from January 2019 the oldest active version of PHP will become PHP 7.1. The end of PHP 5.6 and 7.0 will make the use of any version before PHP 7.1 not recommended. Not because it can not be used, but because of doing so the websites are exposed to all kinds of security problems. That is to say, 60% of Internet websites that are not updated will be vulnerable as of January 1.

CMS and obsolete versions

Content managers such as WordPress, Drupal or Joomla have contributed to the use of outdated versions of PHP. Although they recommend the use of the latest versions and warn that obsolete versions make the website vulnerable, platforms continue to support them. If they stopped supporting versions like PHP 5.6 and 7.0, users would be forced to update the version of their websites.

Although at the moment no critical security problem has occurred, for the purpose of PHP 5.6 and 7.0, all kinds of vulnerabilities could appear. Especially in the case of PHP 5.6 as a result of its great adoption.

If you are one of those who still resort to obsolete versions, you are losing performance and performance improvements of your website; besides being endangering their safety. A service that has active support will have performance improvements from time to time; If you have security support, in addition, you will be safe from any vulnerability. But if the version has reached the end of its life, the application will be in danger.

Upgrade to PHP 7.2

As usual, every new version of PHP incorporates improvements in terms of functionality and performance. In this sense the change from PHP 5.x to PHP 7.x improved the speed; in addition to including support for 64-bit and solving critical errors of the 5.x. Thus, since the release of PHP 7.0 at the end of 2015 the speed of the versions of branch 7 has doubled.

Since the end will not only come for PHP 5.6 but will also be the end of PHP 7.0, our recommendation is that you update your code to the latest stable version: PHP 7.2 . Updating the PHP version implies checking the compatibility between the two versions to avoid problems, that is, it is not as simple as simply modifying the version. Hence, once you are going to make the change, we recommend opting for PHP 7.2; a version that will have security support until the end of November 2020.

Before updating your version of PHP you can use tools that allow you to check the compatibility between versions like php7mar , phan or phpstan . And, if you do not know which version of PHP you are currently using, you can check it in different ways; through the control panel or from the CMS itself that you use. You can also use the phpinfo.php function to get more information about the PHP configuration; as for example, the version that your website uses.

Update your PHP version before the end of PHP 5.6 and 7.0 security support. Thus, you will ensure that your website, online store or server are not vulnerable.
Thanks this information is helpful! Currently, I am using PHP 5.5 is it safe? Does my website security on PHP 5.5 is compromised? Looking for some information.
  • Advertisement
  • Advertisement