INSIGHTS - October 2018

Your site is about to get a lot more hackable

PHP is the software that enables many different installations of popular web software to run on your host. WordPress, Joomla, Drupal etc. all rely on it. 5.6 is the most popular version in production. There is a significant problem looming: PHP 5.6 is coming to end-of-life (EOL) at the end of this year.

PHP v5.6 is about to be end of life. Similarly so is 7.0.

Because of it’s popularity, 5.6 was given extended support. That support has come to an end and it is time to upgrade.

Why is this a problem?

61.8% of all sites run this PHP version or lower. This means that 61.8% of all sites will no longer receive support for any problems found with the software that manages their websites. The result: 61.8% of all sites face an increased risk of being hacked or defaced; they run the risk of having malware inserted into their pages; all compounding in a cost to you – whether that is in terms of money, time or prestige.

The three most most popular CMSs: Joomla, WordPress’ and Drupal all still have minimum versions well below 5.6 although Drupal took the step to upgrade to v7.0 as of March 2019 which, while a positive step, will also be EOL (on Dec 3) before 5.6 will be. WordPress fully supports 7.x but maintains the minimum version at 5.2 in an effort to be as flexible and supportive as possible to third party developers.

The message is clear: the onus is on the hosts and the clients to look after their own installations.

What can you do? Talk to your host to work out a plan to move to 7.2 before the end of the year. In fact, don’t just settle for an idle chat; demand action. There may be some pain with the process as old sections of your site might need to be upgraded to match the new version, but the security and peace of mind outweigh the risk of getting hacked.