Posts

PHP Version Selection & Hardened PHP

Most of our clients already know for a long time they could select the PHP version of their choice, we always have warned those clients that the best course of action is to upgrade to a supported version, and that advise stays the same. But for those who have no other choice as using the old version for whatever reason, we now have now HardenedPHP on all Cloudlinux servers.

Hardened PHP is a feature of CloudLinux OS that secures old and unsupported versions of PHP. In those old versions, including widely used 5.2, 5.3, and, as of September 14th, 2015 also 5.4, vulnerabilities, even if discovered, are not patched by the PHP.net community.

About 85% of all PHP sites use highly popular PHP versions like PHP 5.2, 5.3, and 5.4. Yet, versions 5.2 & 5.3 and, as of 9/14/2015 also version 5.4, are unsupported by the PHP.net community.

Web developers write their scripts to accommodate for a particular PHP version, but just because a version becomes obsolete, companies are not able to update and change programs to accommodate for newer versions.

HardenedPHP patches old PHP versions so that you do not have to force your customers to re-write scripts written for an older PHP version or, even worse, risk breaking their sites.

One important note, HardenedPHP does not make your insecure website secure ! there is no magic which can fix a security issue within the PHP script itself; HardenedPHP only fixes known security issues within the PHP code itself; not the scripts.

Over 100 vulnerabilities, of which many were critical, have been discovered for the unsupported versions of PHP and all have been patched by CloudLinux.