They say that time goes fast when you’re having fun. We’re so busy running our business or working to get that project out that we forget that time is ticking away and that our software requires updates too.

Today is the last day that PHP 5.4 is getting security fixes. From tomorrow on, only PHP 5.5 and 5.6 will be receiving security updates. PHP 5.5 already expired on active support about 2 months ago and PHP 5.6 will expire in less than a year!

What does that mean for you?

Well, let me put it this way: if you’re running a version of PHP that’s no longer supported (actively or through security updates), the moment someone finds a security hole your application is in danger. It’s not a matter of “if” but “when” a malicious person uses that security breach to break into your application, your server or your complete infrastructure.

What can you do about it?

In most cases, if you run your own web server (physically or virtual) it’s just a matter of upgrading your system, which you should do anyhow. There are many step-by-step tutorials on how to upgrade your platforms and get the latest stable version of PHP (and other tools).

If you’re running your site on a “shared hosting”, you might have a tougher job ahead of you. Contacting your hosting provider will result often in a “we can’t upgrade because other customers are running older software that’s not compatible with the latest version of PHP”. True, there’s still a massive amount of servers out there that run PHP 5.2 and PHP 5.3 just to support their customers that run outdated software. Maybe it’s time to look at an alternative in a virtual server or cloud solution.

There’s no time, budget or expertise to change

Not everyone has the financial ability or the technical knowledge to migrate from one version to another. Maybe you didn’t even set it all up yourself. But look at it from the other point of view. How much time, money and effort does it require once your site is compromised because of a flaw in outdated software? Your brand reputation gets a big dent, you pay premium to resolve the issue as quickly as possible and maybe you face legal actions because data was compromised. Just like in health care: “prevention is better than the cure”.

Don’t wait until it’s too late! If you need assistance in finding a good solution for your situation, contact us for more information. We can help you finding a good partner to migrate your applications, to offer you hosting services or just to upgrade your software.

Categories: Buzz

Michelangelo van Dam

Michelangelo van Dam is a senior PHP architect, PHP community leader and international conference speaker with many contributions to PHP projects and community events.

Privacy Preference Center

Strictly Necessary Cookies

Cookies that are necessary for the site to function properly. As example we require a cookie to indicate you have agreed with our privacy settings and accepted the usage of cookies.

gdpr, PHPSESSION, JSESSIONID, wfvt_{hash}

Comment Cookies

When visitors comment on our news articles, and they have opted-in to save their details, we store a cookie on their computer to save their information. This is purely a convenience, so that the visitor doesn't need to re-type all their information again when they want to leave another comment.

They expire a little under one year from the time they're set.

comment_author_{HASH}, comment_author_email_{HASH}, comment_author_url_{HASH}

Marketing Cookies

For marketing purposes we use Google Analytics that will set cookies to capture your information.

_ga, _gid, _gat

3rd Party Cookies

These cookies are provided by third-party solutions providers from who we use their services (e.g. Twitter).

Depending on your own relationship with these services yourself, they also might set some cookies. Please review their privacy policy and cookie usage for more information.

_twitter_sess, ct0, guest_id, personalization_id, eu_cn, tk_tc, tk_ai, tk_qs, twostep_auth, wp-settings-{user_id}
_twitter_sess, ct0, guest_id, personalization_id, eu_cn
tk_tc, tk_ai, tk_qs, twostep_auth, wp-settings-{user_id}