Home > Article > Backend Development > Why php5 is unsafe
Why php5 is unsafe
- (*-*)浩Original
- 2019-10-14 10:54:203561browse
W3Techs, a network technology application research company, recently stated that based on the use of PHP versions by all websites, from January 1, 2019, nearly 62% of websites will be unable to obtain PHP versions. security updates and become vulnerable to malicious attacks. (Recommended learning: PHP video tutorial)
According to W3Techs’ survey, starting from the 15th of this month, the proportion of PHP used in the website samples it studied was as high as 78.9%, using PHP 5 The proportion of websites reaches 61.8%. Among subversions, the proportion of websites using PHP version 5.6 is 41.5%, with version 5 having the highest proportion.
According to the supported versions and schedule listed on the PHP official website (below), PHP 5.6 was released in 2014. Main support was closed on January 19, 2017, and security support will be released in 2018 Ends December 31st.
After two and a half months, websites using PHP version 5.6 will no longer receive updates for security vulnerabilities or bugs unless users pay for an update service from the operating system vendor.
If hackers discover and exploit vulnerabilities in older versions of PHP, it could put millions of websites and users at risk.
In fact, the major and security update period of PHP 5.6 has ended long ago, but due to the large number of websites used, the PHP maintenance organization once extended its support time respectively.
Some people describe this situation as a PHP time bomb. The newer PHP 7.0 will no longer have security support at EOL (End of Life) on December 1st this year. Even version 7.1 will reach end of life on December 1st. Security support ends after one year.
Among the three major website content management system (CMS) projects, only Drupal has announced that from March 6 next year, Drupal will support the minimum requirement of PHP 7 for web pages, and it is recommended to use version 7.1. Joomla recommends version 5.6 or higher, with support starting at 5.3.10. Wordpress recommends using PHP 7.2 or higher, with a minimum of 5.2.4 supported.
According to ZDNet, WordFence security component R&D director Sean Murphy said that the main target of PHP vulnerability exploitation is not in PHP itself, but in the PHP library and CMS system, but other security experts believe that etc. When the deadline comes, hackers will actively exploit the vulnerabilities in PHP 5.6.
The above is the detailed content of Why php5 is unsafe. For more information, please follow other related articles on the PHP Chinese website!