PHP 5 will stop supporting at the end of the year, 60% of users will face security risks
W3Techs, a network technology applied research company, recently said that according to the PHP version of all websites, since January 1, 2019, nearly 62% of sites will be maliciously attacked because they cannot obtain security updates.
According to the W3Techs survey, starting from the 15th of this month, the proportion of PHP used in the sample of the research website was as high as 78.9%, and the portion of websites using PHP 5 reached 61.8%. In the subversion, the percentage of sites using PHP version 5.6 is 41.5%, and the proportion using version 5 is the highest.
According to the support version and timetable listed on the official PHP website (below), PHP 5.6 was released in 2014, the primary support was closed on January 19, 2017, and security support will be terminated on December 31, 2018. That is, two and a half months later, sites using the PHP 5.6 version will no longer receive security vulnerabilities or bug updates unless the user pays for the operating system vendor’s update service fee. If hackers find and exploit vulnerabilities in older versions of PHP, they can put millions of websites and users at risk.
The primary and security update period for PHP 5.6 has long since ended, but because of the number of websites used, the PHP maintenance organisation once extended its support time.
Some people describe this as a PHP time bomb. The newer PHP 7.0 will no longer provide security support on EOL (end of life) on December 1 this year. Even version 7.1 will be terminated on December 1. End of security support after one year.
Of the three primary content management system (CMS) projects, only Drupal announced that from March 6 next year, the Drupal support page minimum requirement PHP 7, is recommended to use version 7.1. Joomla recommends 5.6 or higher with a lower limit of 5.3.10. Wordpress recommends PHP 7.2 or higher with a minimum of 5.2.4.
According to ZDNet, Sean Murphy, director of security component development at WordFence, said that the primary goal of PHP exploits is not in PHP itself, but in PHP libraries and CMS systems, but other security experts believe that hackers will take advantage of deadlines vulnerabilities in PHP 5.6.