Aggiornare PHP Giacomo Lanzi

Updating php: why and how

PHP is one of the most popular scripting languages on the web today. According to W3Techs, PHP is used by over 82% of all websites that use a server-side programming language. This means that 8 out of 10 sites use PHP in one form or another. Being a scripting language, it is essential to update PHP to the latest version available, unless you have special needs.

Today we try to understand the importance of updating to the latest PHP versions, not only for security reasons, but also to improve performance and support. The precise procedure will also be shown via a simple how-to.

When to update PHP?

As with any software, PHP has a lifecycle that it must adhere to in order to continue making improvements and moving forward in development. Each major PHP release is generally fully supported for two years. During this time, bugs and security issues are regularly fixed and fixed. a third year of support is guaranteed, only for what concerns language security and not performance.

PHP versions supported

As of today (summer 2020), anyone running a version of PHP 7.1 or lower no longer benefits from security support and is exposed to vulnerabilities that will not be fixed. According to the official WordPress Stats page, at the time of writing this article, over 41% of WordPress users are still using PHP 7.1 or lower. This is not only a security issue, but it is also a hindrance as there are still many sites that do not take advantage of the further performance improvements introduced with PHP 7.2 and later.

Unfortunately, not everyone is aware of the danger and since updating PHP is an operation that must be done on the server and not from the site itself, a good portion of users do not even know how to proceed.

Supported php versionsAs can be seen from this image, the currently supported versions of PHP are 3: 7.2, whose security support will end on November 30, 2020; 7.3, supported until December 2021 and 7.4 supported until November 2022. Warning: in the last 12 months of the version’s life, the only guaranteed support is the security one.

Slow updates

There are many factors that could affect a slow adoption of recent versions of the language, here are some of them:

1. The owners of the sites, not being technicians, do not know the language and do not know they have to update PHP in order to have a safe and up-to-date site.
2. Those who use custom themes or plugins on their site want to be sure that the new PHP versions do not have backwards compatibility problems. These developers are waiting for the new guidelines to be released for the most recent versions, and only after checking their plugins and themes do they fully adopt the new version.
3. Some hosts are afraid to update the language on the server as it could lead to a wave of support tickets. Luckily, providers increasingly make the choice of version available to the end user, as we will see shortly.
Honestly, I don’t understand all this fear of updating PHP and keeping your systems running well and safe. I think the wait is quite useless and risky.

How to update PHP on SOD hosting panel

First, log into your control panel and from the main dashboard, scroll down to the section of the site concerned. At the bottom, click on the “Show More” button to view hosting options.

Update php - step 1

Among the options, look for the one called “PHP Settings”. Note that the version currently in use by the server is already shown next to the name. Click on the option to land on the PHP settings page.

Within the PHP section, it is possible, through a drop-down menu, to change the version in use. Versions that are no longer updated are marked as “outdated”, but still selectable.

On the page, in addition to the version active on the server, it is possible to modify many other PHP options relating to performance and security. For example the limit of the dedicated memory, the maximum execution time of the scripts, the location of the scripting folders and so on.

These are all features that the average user does not need on a daily basis, but the fact that such in-depth control of PHP options is available is a plus for the flexibility of the control panel and service.

Make sure your host is using the latest versions of PHP

As we have seen, updating PHP to the supported version is a simple operation to be performed through the appropriate panel of the hosting plan.

A few years ago, a great article titled “Whipping Your Host Into Shape” by Joost de Valk went into detail about how the real problem is that providers don’t adopt recent versions faster and, even if they do, they don’t encourage users to update themselves. Years have passed since that article and I hope that the trend will improve, and that more and more people think about the security of their portals also through the updating of the infrastructure that hosts them.

Through the control panel of SOD hosting plans, keeping the service updated and secure is simple, and updating PHP is just an example of the potential of the panel itself. Check for yourself by accessing a demo of the service.

[btnsx id=”2931″]

Useful links:

PHP Support

Manage WordPress from the hosting panel

 

Share


RSS

RSS feed

More Articles…

Categories …

Tags

Acronis Cloud Backup BaaS Backup cloud cloud computing Cloud Conference cloud provider reggio emilia cloud server cloud services CTI cyber security cyber security cyber threat Cyber Threat Hunter Data Exfiltration GDPR Machine Learning Monitoraggio infrastruttura ICT Next Generation SIEM nextgen siem online hosting owncloud owncloud pentest Phishing Plesk Ransomware Ransomware security server virtuale sicurezza siem Smart Working SOAR SOCaaS Threat intelligence UEBA VDS Virtual Machine vps vulnerability assessment web hosting webinar Zabbix Zabbix as a Service

RSS darkreading

RSS Full Disclosure

  • [SYSS-2024-030]: C-MOR Video Surveillance - OS Command Injection (CWE-78) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-030 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401, 6.00PL01 Tested Version(s): 5.2401, 6.00PL01 Vulnerability Type: OS Command Injection (CWE-78) Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: - Public Disclosure: 2024-09-04...
  • [SYSS-2024-029]: C-MOR Video Surveillance - Dependency on Vulnerable Third-Party Component (CWE-1395) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-029 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401 Tested Version(s): 5.2401 Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395) Use of Unmaintained Third Party Components (CWE-1104) Risk Level: High Solution Status: Fixed...
  • [SYSS-2024-028]: C-MOR Video Surveillance - Cleartext Storage of Sensitive Information (CWE-312) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-028 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401, 6.00PL01 Tested Version(s): 5.2401, 6.00PL01 Vulnerability Type: Cleartext Storage of Sensitive Information (CWE-312) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: - Public...
  • [SYSS-2024-027]: C-MOR Video Surveillance - Improper Privilege Management (CWE-269) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-027 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401, 6.00PL01 Tested Version(s): 5.2401, 6.00PL01 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: - Public Disclosure:...
  • [SYSS-2024-026]: C-MOR Video Surveillance - Unrestricted Upload of File with Dangerous Type (CWE-434) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-026 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401 Tested Version(s): 5.2401 Vulnerability Type: Unrestricted Upload of File with Dangerous Type (CWE-434) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31 Public Disclosure:...
  • [SYSS-2024-025]: C-MOR Video Surveillance - Relative Path Traversal (CWE-23) September 6, 2024
    Posted by Matthias Deeg via Fulldisclosure on Sep 05Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Version(s): 5.2401 Tested Version(s): 5.2401 Vulnerability Type: Relative Path Traversal (CWE-23) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31 Public Disclosure: 2024-09-04 CVE...
  • Backdoor.Win32.Symmi.qua / Remote Stack Buffer Overflow (SEH) September 6, 2024
    Posted by malvuln on Sep 05Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6e81618678ddfee69342486f6b5ee780.txt Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Symmi.qua Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware listens on two random high TCP ports, when connecting (ncat) one port will return a single character like "♣" […]
  • HackTool.Win32.Freezer.br (WinSpy) / Insecure Credential Storage September 6, 2024
    Posted by malvuln on Sep 05Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/2992129c565e025ebcb0bb6f80c77812.txt Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: HackTool.Win32.Freezer.br (WinSpy) Vulnerability: Insecure Credential Storage Description: The malware listens on TCP ports 443, 80 and provides a web interface for remote access to victim information like screenshots etc.The […]
  • Backdoor.Win32.Optix.02.b / Weak Hardcoded Credentials September 6, 2024
    Posted by malvuln on Sep 05Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens on TCP port 5151 and is packed with ASPack (2.11d). Unpacking is trivial set breakpoints on POPAD, RET, run and dump […]
  • Backdoor.Win32.JustJoke.21 (BackDoor Pro) / Unauthenticated Remote Command Execution September 6, 2024
    Posted by malvuln on Sep 05Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: malvuln13 () gmail com Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) Vulnerability: Unauthenticated Remote Command Execution Family: JustJoke Type: PE32 MD5: 4dc39c05bcc93e600dd8de16f2f7c599 SHA256:...

Customers

Newsletter

{subscription_form_1}
Products and Solutions
Partners
Cloud Models
News
Google Reviews
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
4.9
Based on 37 reviews
powered by Google
review us on
Omid Fazeli
Omid Fazeli
06:59 20 Apr 18
They have a lot of solutions for any... kind of business. Lower prices than many others. The support service is always active and efficient.read more
See All Reviews
js_loader
Facebook
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
5.0
Based on 17 reviews
powered by Facebook
review us on
Paolo Raimondi
Paolo Raimondi
11:06 21 Apr 18
La Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more
Ilaria Miglietta
Ilaria Miglietta
04:16 21 Apr 18
Servizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more
Francesca Marastoni
Francesca Marastoni
11:41 20 Apr 18
Excellent service company with... wonderful stuff. Highly recommended.

Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Alessio Liga
Alessio Liga
08:25 20 Apr 18
Servizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more
Matteo Revelli
Matteo Revelli
22:39 19 Apr 18
Ottima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more
Lorenzo Munari
Lorenzo Munari
16:25 19 Apr 18
Azienda molto seria e... affidabile.

E' un piacere poter collaborare con realtà di questo tiporead more
Francisco Amadi
Francisco Amadi
10:41 19 Apr 18
Ho avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more
Davide Michelotto
Davide Michelotto
07:42 19 Apr 18
Ottimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more
Gabriele Petralia
Gabriele Petralia
12:28 18 Apr 18
Luca Prati
Luca Prati
10:12 18 Apr 18
Azienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
Valerio Lezza
Valerio Lezza
21:35 17 Apr 18
Daniela Cospito Di Leo
Daniela Cospito Di Leo
21:20 17 Apr 18
More Reviews
js_loader
payments gateway
About