Upgrade PHP & Website Security in 2018

Modified December 13, 2018 / By / Security / php, upgrade, website updates
Upgrading PHP in 2018

At Digital Canvas we talk a lot about security, PHP and web applications. With vulnerabilities, hacks, and cyber-crime on the rise in 2017, it seemed nothing was safe. Likely this trend will continue into 2018 and beyond as hackers are exploiting open source software faster and more efficiently. So, let’s talk about how to keep your website secure, why and how you need to upgrade PHP in 2018.

We’ll tell you how we keep our clients up to date.

Does this affect your small business website?

The answer is “absolutely, yes”.

Open source software is everywhere. A WordPress website (which, arguably, powers 30% of the Internet) is open source.

PHP  itself is an open source programming language. The Apache (or Nginx) for serving web pages is open source.

The Operating System (Unix, Ubuntu, CentOS, etc) is also open source.

You get the idea.

The entire system is completely built on open source if you are running *nix and PHP, which runs over 83% of the website.

83% of websites are running open-source and hackers are becoming more efficient at exploiting these systems.

It’s more important than ever to make sure your web server and website are protected against these hack exploits. Vulnerabilities are added in a number of ways:

  • new hacking technique never previously tested
  • new technology, previously not available for testing
  • old technology that should die (Flash)
  • sloppy code, written by non-security minded amateur programmers
  • a silly mistake made by an expert programmer – we’re all human
  • CMS security vulnerabilities (WordPress Security)
  • Server Code (PHP, Apache)
  • operating system security flaws (red hat)
  • hardware security flaws (as in recent Spectre/Meltdown)
  • insecure programming libraries (SSL v3 Poodle)
  • etc…

There are lots of ways to add vulnerabilities to the system. Therefore, it’s vitally important, now more than ever, to keep your website, WordPress, plug-ins, PHP and server all up to date.

Why Upgrade PHP and Code?

With a major version of PHP there are changes, some functionality is added, some removed (deprecated) and some just done differently.

In addition to just updating the PHP server engine, the site code also needs to be tested and potentially changed to be compatible with the new PHP version.

They all need to be talking the same language (get it?) or it won’t work.

Security

PHP is always releasing security updates and patches to there server software.

Many of these are security updates to keep the server secure.It’s highly recommended to keep this server software up to date.

It doesn’t matter how secure the code is, if the server is vulnerable, they’ll still get in. Most of all, upgrade PHP for the security.

Speed Enhancements

PHP 7 brags a full 3 to 4 times performance boost by just switching to PHP 7. Since the PHP engine was rewritten, performance and speed enhancement were added. Therefore, you should upgrade PHP in 2018 just for the performance boost. Hence, your site will run faster! Website speed is important for SEO and sales.

New Features

There are a number of new programming features available to programmers with PHP 7 to make their jobs easier and write better code. Some features include scalar types, Null coalescing operator, anonymous classes, closure call and more. I won’t go into all the technical stuff, but you can read more about the programming enhancements to PHP 7 here. So, you should upgrade PHP for the new features, too.

Bug Fixes

Occasionally the PHP team will find bugs in the PHP code or library. These are usually minor and seldom affect most sites, but bugs can happen. to update ensure your website is running optimally and error-free, make sure to upgrade PHP.

Current Versions

Currently, as of this writing, the supported versions of PHP are 5.6, 7.0, 7.1 and 7.2.

OK, that seems like a lot? Yes, it is. PHP is finally declaring an end of life for PHP 5.6 on December 31, 2018. PHP 7.0, even earlier, on Dec 3, 2018.

All Websites and Servers that haven’t upgraded to PHP 7.1 before December 31st, 2018 will no longer receive security updates.

To ensure website security all servers and websites running PHP need to be upgraded to PHP 7.1 by the end of 2018. To determine which version you are running you can log in to your hosting control panel, if you have one, or contact your web hosting provider and they should be able to tell you.

If you are in a compliance regulated industry, like PCI or HIPAA, is mandatory.

Without security, it’s only a matter of time before your site gets hacked. Since customer data or reputation depends on it, you need to upgrade.

What’s involved in a PHP Upgrade?

When you upgrade PHP you shouldn’t just move the code to an updated server and expect it to work. Just turning on PHP 7 in the control panel has the same effect: it just updates the server, not the website code. Code, that is not PHP 7.1 compatible, running on a PHP 7.1 web server will not run and be unusable in the way that it won’t even load, at all.

So, the code on the server may need adjusting and upgraded. The next questions are, “how long will that take?” and “How much will it cost?”.  That depends on if the site is using the code that was deprecated in PHP 7. A site using deprecated code can be fixed by updating that section of the code.  If it’s not using the deprecated code it may only take an hour or so to verify and test.

Major upgrades from 5.x to 7.x may require more work than Minor updates (7.0 to 7.1) and typically take an hour or so for testing, depending on the complexity and size of the site.

How do we do it?

The way to proceed with a PHP 5.6 to PHP 7.1 upgrade is to do a diagnosis of the site.

  1. First, We review and test the code. We have a code review process that uncovers and deprecated code or functionality
  2. Then, we apply fixes to the code to bring it up to date, and functional.
  3. Finally, we perform a security test on the site and check for known vulnerabilities.

Ultimately, the analysis gives us a clear picture of how much work is involved in your specific PHP update. From there, we can provide an estimate.

We usually start this process well in advance to allow time for the many clients and websites we work with. At times we start this process a year before the upgrade site needs to go live.

Not all sites need this level of analysis. If you have a WordPress site, you may want to just flip the switch and see if it works. Just make sure to do all updates first and backup everything.

If you need help with making sure your website is secure, assistance performing an upgrade, or just don’t know where to start, give us a call at (925) 706-1700.

PHP 7 Compatibility Test

We can help make sure your PHP is up to date for small sites or complex applications. 

We Can Help

PHP 5.6

ON YOUR WEBSITE?

STILL RUNNING

We can Help with the Upgrade

About The Author

Jeff Shaikh is the Founder and CEO of Digital Canvas, a unique web development and marketing company helping clients turn visions into reality and getting more customers. Jeff loves numbers, analytics, marketing statistics, and a good curry.

Website Marketing Tips

15834

Get exclusive tips and tricks about website marketing in your inbox.

SUBSCRIBE FOR UPDATES