Happy New Year: Your Website is Vulnerable!

October 31st, 2018

On 1st January 2019, PHP 5 reaches ‘end-of-life’. This means that the developers will no longer be updating or patching the software, even if security holes are discovered.

Websites that run on PHP 5 will be vulnerable to any future security holes that hackers discover.

How do I know if my site uses PHP?

Many content management systems (CMSs), including WordPress, Drupal, Joomla and Perch, run on PHP. If your site uses any of these CMSs, you will need to check which version of PHP your site uses.

Even if your site doesn’t use a CMS, it would be worth checking with your host to check if your site uses PHP at all.

What do I need to do?

The steps to check and update your PHP version are quite straightforward. Ideally, your site will already be running on PHP 7. If not, many hosts offer a one-click update in your website’s control panel.

If you’re not sure what to do, I would suggest contacting your host and asking them to check your PHP version and upgrade it if needed.

How will it affect my site?

The good news is that the switch is usually seamless. PHP 7 also runs a lot faster than PHP 5, so you may notice a performance increase on your site.

However, if your site is running old scripts, plugins or themes, you may experience incompatibility issues. These will likely need to be fixed by a developer.

Simply updating the themes/plugins that are causing the issue(s) will probably fix the errors you are seeing. If updates are not available, it’s likely that the plugin/theme you’re using is old and unmaintained.

In this case, it’s advisable to switch to an actively maintained theme or plugin that is PHP 7 compatible. Not only will this reduce the chance of errors, but running supported themes and plugins means they’re likely to be more secure.

As ever, you should take a backup before performing updates or working on the site. If possible, you should test your site on a development server that’s already running PHP 7, before switching your live site to the new version.

Get checking

It’s tempting to leave a task like this at the bottom of a to-do list, but I’d strongly recommend looking at it sooner rather than later.

There are a significant number of hosts who have not updated their default PHP versions from 5.6. If your site is running on this, it will be an instant target for any security vulnerabilities that hackers try to exploit from January onwards.

In most cases, the switch to PHP 7 will be a quick and painless task, but updating your PHP version now will give you the maximum time to prepare if any issues occur.