The most popular versions of PHP used by your customers are no longer supported by PHP.net. This means that as security vulnerabilities are discovered, PHP.net will not fix them in PHP 5.5 or older. That affects 84 percent of all PHP sites!
Here is a quick summary of the numbers:
PHP.net is the most popular server-side programming language, with 82 percent market share, and by far the fastest growing amongst its competitors, with ASP.net taking only 15% of the market.
As described in the above image, PHP5 is used by 97.8 percent of all websites that use PHP, and version 5.5 is used by 20 percent of all the websites that use PHP version 5. Because PHP is so widely deployed, it is constantly exploited by hackers, making sites vulnerable.
Here is how PHP.net support normally works:
For two years, reported bugs and security issues are fixed and shipped in regular point releases. After that two-year period, each version of PHP is supported for an additional year for critical security issues only. Once the version reaches end of life, it is no longer supported by the community, and any vulnerabilities discovered after that point are no longer fixed.
Currently, versions 5.0 – 5.5 are not supported by the community. This makes up 86 percent of all PHP 5 sites and 84 percent of all PHP sites. So, basically, most PHP sites are currently running a version that the PHP community does not support.
How to keep customers’ PHP 5.5 websites secure:
Typically, an unsupported version presents a security problem, and it means it is time to move sites off that version, in this latest case PHP 5.5, to a later one. But more often than not, when a version becomes obsolete, website owners are not able to update and change their programs quickly enough to accommodate newer versions and keep their sites secure.
But as always, as long as you are using HardenedPHP, which comes with CloudLinux OS or ServerPilot, you and your customers’ sites are safe. You don’t need to force customers to upgrade to a newer PHP version, making them rewrite scripts written for an older PHP version. You also don’t need to upgrade PHP on your servers and risk breaking their sites. And we’ve made a promise to our customers: we will continue backporting security patches to old versions of PHP for the foreseeable future.
With HardenedPHP in CloudLinux OS, you can secure old PHP versions, and with PHP Selector you can also offer various packaged PHP versions on a single shared web server to ensure maximum security and profitability.