Most popular versions of PHP used by your customers are unsupported by PHP.net and as of June 21st, add PHP 5.5 to the mix of PHP versions that are no longer supported by the community. This means that as security vulnerabilities are discovered, they will not be fixed by PHP.net in versions PHP 5.5 or older. That affects 84% of all PHP sites!
Here is a quick rundown on numbers:
PHP.net is the most popular server-side programming language with 82% market share and by far the fastest growing amongst it’s “competitors” with ASP.net taking only 15% of the market, according to W3Techs.com.
As depicted in the above image, PHP version 5 is used by 97.8% of all websites who use PHP, and version 5.5 is used by 20% of all the websites who use PHP version 5. Because of this wide application usage, PHP is constantly exploited by hackers, making sites vulnerable.
Here is how PHP.net support normally works – for two years, bugs and security issues that have been reported are fixed and are released in regular point releases. After that two year period, each version of PHP is supported for an additional year for critical security issues only. After the version reaches the end of life, it is no longer supported by the community and any vulnerabilities, when discovered, are no longer being fixed.
Currently, versions 5.0 – 5.4 and as of June 21st, 2016, 5.5 are not supported by the community. This makes up 86% of all PHP 5 sites and 84% of all PHP sites. So, basically, most of the PHP sites are currently not supported by the PHP community.
How to keep customers’ PHP 5.5 websites secure:
Typically, unsupported versions present a security problem, and it means it is time to move the sites from unsupported versions, in this latest case PHP 5.5, to later versions. But more often than not, when a version becomes obsolete, website owners are not able to update and change programs to accommodate newer versions quickly to ensure the security of their site.
But as always, as long as you are using HardenedPHP that comes with CloudLinux OS – you and your customer sites are safe. You don’t need to force customer upgrades to newer PHP version making them re-write scripts written for an older PHP version. You also don’t need to upgrade PHP on your servers and risk breaking their sites. And we’ve made a promise to our customers – we will continue backporting security patches to old versions of PHP for the foreseeable future.
With HardenedPHP in CloudLinux OS, you can secure old PHP versions, and with PHP Selector you can also offer various packaged PHP versions on a single shared web server to ensure maximum security and profitability.