Security: vulnerable PHP versions

This guide explains why it is dangerous to use a PHP version which is not officially kept updated and how to use a more recent PHP version with a site hosted with Infomaniak.

Is it dangerous to use an obsolete version of PHP?

When you use a (soon to be) vulnerable version of PHP on one or more of your sites, a warning message is displayed in the control panel of the hostings concerned.

PHP language regularly evolves and when you use a version of PHP which is not kept updated, you expose your website to security risks. Malicious persons could exploit known security faults, for example, to enter your site and modify its content. It is therefore highly recommended that you always use a recent version of PHP.

3 statuses are possible:

• the version of PHP is fully supported: no action is required
• the version of PHP only receives security updates: it is recommended that you use a more recent version of PHP
• the version of PHP is not kept updated: it is highly recommended that you use a more recent version of PHP

To find out more: http://php.net/supported-versions.php (external link)

Using a more recent version of PHP

The latest versions of PHP are more reliable and speed up website loading.

Before using a more recent version of PHP, it is important to take the following precautions:

• if your site works with a CMS or web application (WordPress, Joomla, Drupal, etc.), you are advised to check that its current version is compatible with the version of php you intend to use
• if your site was developed manually, you need to consult the official PHP documentation in order to learn about the modified functions as well as potential incompatibilities

If you experience problems after migrating a site to a more recent version of PHP, it is easy to go back to a previous version of PHP.

Using a more recent version of PHP: https://faq.infomaniak.com/2053