Will your website be at risk this December?

After the 31st December 2018, 61.3% of all websites whose server-side programming language is known will no longer have access to security and maintenance updates. PBS Creative explores why this could pose a serious security risk for your website…

What does this mean for your website?

If a vulnerability is detected in PHP version 5, it will no longer be patched, because that version will be obsolete. These types of vulnerabilities can vary significantly in terms of severity. In the worst-case scenario, they could allow an attacker to upload their own code to intercept personal data and payment cards and to download sensitive data.

According to a survey by W3Techs.com, who collated data from a sample of the top ten million websites, “PHP is used by 78.9% of all the websites whose server-side programming language we know.” Of those websites, 78.3% are still using PHP version 5, which means that a staggering 61.3% of known server-side programming sites are running a version that won’t be supported come the 31st December!

PHP did have the foresight to recognise that upgrades of this magnitude would take time to implement, so they gave the industry more time to address the upgrades by changing the security fix period from one to two years. Unfortunately, this extended time seems to have been largely ignored, which will mean that hundreds of thousands of websites will be vulnerable in the future.

Are you compliant?

If your website processes, stores or transmits credit card data, it’s important to ensure you’re compliant with PCI DSS. The PCI DSS requirement 6.2 states that all organisations should “Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.”

If your website uses PHP 5.6 or an older version, then you’re not compliant when a vulnerability is discovered. We believe it’s better to be prepared beforehand!

Unfortunately, the process of preparing isn’t a simple step of upgrading the version of PHP on your server or changing hosting provider. Code changes are usually required to prevent parts of your website from breaking or failing. There’s no way of knowing if this will impact your website without inspection of the code.

PHP Supported Versions

Supported versions can be seen in the below image or by clicking here

*If you’re wondering what happened to version 6, it was scrapped, and they carried straight on to version 7.0.

Why should you upgrade?

  • To prevent potential security issues.
  • PHP 7.1 provides significant performance improvements, so it can be up to twice as fast at processing your code as PHP 5.
  • The current version, 7.2, is 20% faster than 7.0. Come the 3rd December 2018, PHP 7.0 will no longer be supported.
  • New features are available for web developers which can be used to improve your website.

*If you’re using the Magento ecommerce engine, official PHP 7.2 support is available for v1.9.2 and above only: https://magento.com/tech-resources/download#download2240

Many Magento ecommerce sites are still using versions 1.6, 1.7 and 1.8.

How we can help…

PBS Creative can help you with this process by providing a website or code security audit. This will allow us to establish if there are any vulnerabilities and offer you an upgrade service as a solution. The most concerning thing about failing to fix these issues now is that they can become a more complex job later on. Fixing code isn’t a quick process and your website will be vulnerable until you contact a developer to fix it. We anticipate that developers will be in high demand due to these issues!

If you have any questions or are concerned about your website, please do get in touch by calling 01952 898 626 or filling in our contact form here.

Why an elephant?

The elePHPant mascot has been around a long time. Read A Field Guide To ElePHPants to discover its origins.