How to secure yourself from old PHP versions?


Are outdated PHP versions dangerous for my website?

In the easiest case, when you are using an outdated PHP version, you will see "deprecated" messages in logs. A slightly worse case is when you are getting those messages displayed on the front page or it's blocking parts of website functionality. While it does not sound dangerous, it is information you are giving to a potential attacker for free. And it's not uncommon to observe.

But it can be a bit worse. If data being shown on the front page shows too much, then the attacker does not even need to attack. He just logs in to your admin panel (or applies small modification to forms and then logs in)! And of course. One last scenario is that the website simply stops working.

Which PHP version should you use?

Hosting providers mostly do not offer help when migrating old scripts to a new PHP version. Even though they allow you to change the PHP version. But should you use an older version that lacks security support? The obvious answer is - no.
On updating to a new PHP version you definitely first need to check your website on a separate test server, if your website is compatible. Then you can assess the amount of work needed to bring the full functionality of the website - if any work is needed. Sometimes, if your software was updated accordingly, your website will have no problems when switching to a new PHP version.

But if there are any bugs or usage of deprecated functions, you should check those closely. It's important to fix all "deprecated" notices. It is information for you, that in the next PHP versions functions will not be present - and the website will simply stop working.

And just a reminder - PHP 5.4 and 5.5 is no longer supported. PHP 5.6 will receive security updates up to 31 Dec 2018 - and will no longer be developed. Even faster - PHP 7.0 - will no longer receive security updates after 3rd December 2018.

So it's a good time to ask a person that takes care of your website if you can update the PHP version - preferably to PHP 7.1 or 7.2. But if you do not have such a person - do not hesitate to reach us via the contact form below. Up to 3rd November, PHP compatibility check is only 100 Euro for the standard website (PHP 5.6, 7.0, 7.1 and 7.2)! After November 3rd prices will go up - so hurry up and contact us via the contact form below.




Łukasz Pawłowski

CEO of Sailing Byte

I am running Sailing Byte - a Software House that focuses on Laravel and React, but doesn't constrain to it; we have also done projects using C#, Unity, Flutter, SwiftUI and other. My role is to organize and deliver software using Agile methods - by providing experience and technical knowledge and proper set of tools to cooperate with our clients.

During our journey I have met all kind of great people, who also took part in our success - both our clients and business partners who are part of our success and who also helped us to elevate Sailing Byte as polish software house, that is providing quality development not only in eastern Europe, but also UK and USA.

Suggested Posts

Let's talk