Nexcess Says Websites Using PHP 5.6 Are A Security Risk
Nexcess, a leading provider of performance-optimized WordPress, Magento, and WooCommerce hosting, has highlighted the risk of using unmaintained software on the web.
SOUTHFIELD, Mich. (PRWEB)January 28, 2019 - Nexcess, a leading provider of performance-optimized WordPress, Magento, and WooCommerce Hosting [WooCommerce hosting __title__ https://www.nexcess.net/woocommerce/hosting , has highlighted the risk of using unmaintained software on the web. The hosting provider is concerned that with the recent end of life of PHP 5.6 an enormous number of PHP-based websites rely on software that no longer receives bug fixes or patches to remove security vulnerabilities.
PHP is the programming language used by WordPress, Magento, and dozens of other content management and eCommerce platforms. PHP 5.6, which was released in August 2014, over four years ago, is used on around a quarter of all websites, including 35% of WordPress sites.
PHP 5.6 was supported with bug fixes until the beginning of 2017, and with security fixes until the end of 2018. From January 2019, no further work will be done on PHP 5.6. Newly discovered security vulnerabilities will not be patched. Tens of millions of websites rely on a complex piece of software that is no longer maintained.
“At Nexcess, PHP 7.X has been available for new sites and stores since it was first released in 2016, but we are concerned with the massive number of legacy sites hosted on older, unsupported, and possibly insecure versions of PHP,“ commented Chris Wells, President and CEO of Nexcess. “Although it is essential to support older sites that rely on outdated software, no hosting provider or site owner should launch new sites on software that isn’t maintained.”
In the last four years, security vulnerabilities were regularly discovered and fixed in PHP 5.6. It is a mature and stable platform, and no new vulnerabilities will be introduced because the code won’t change. However, bad actors and security researchers may discover vulnerabilities in the future. If they do, sites running on PHP 5.6 will be vulnerable and the risk will not be mitigated with security patches. With a user base in the tens of millions, a critical vulnerability in PHP 5.6 could be disastrous.
Nexcess encourages hosting providers and website owners to deploy new sites on supported software. CMS developers, including the WordPress team, plan to make PHP 7 the minimum supported version in the near future. In consequence, sites that don’t update to a modern PHP will be forced to use older versions of WordPress to avoid compatibility issues, further compounding the security problem.
Nexcess is a Southfield, Michigan-based cloud and managed application hosting company founded in 2000, with data centers distributed throughout the United States, Europe, and Australia. Nexcess offers a variety of performance-optimized and scalable managed cloud hosting solutions for Magento, WordPress, WooCommerce, ExpressionEngine, Craft CMS, and OroCRM. For more information, visit http://www.nexcess.net.