Keeping your website’s software up to date is a key aspect for securing it against hackers. PHP is the language used ‘under the covers’ in WordPress so managing PHP updates for your business website is an important factor in avoiding being hacked.
The Sixty Four dollar question is “Who is managing PHP versions and updates in your website?” Chances are that no one is doing it. While you may assume your web developer is, chances are that it’s very unlikely they aren’t.
What is PHP?
PHP is buried deep in the layers of your site’s software – we geeks call it your ‘software stack’ – so you are unlikely to bump into PHP let alone its version unless you’re delving deeply into the gizzards of WordPress.
PHP or ‘Hypertext preprocessor is a general-purpose scripting language used widely in web technologies since the mid 1990’s.
The popularity of WordPress and other Content Management Systems that use PHP have popularised the use of this language. PHP is buried deep ‘in the stack ‘ so few people have the opportunity to interact with it, even though they use these systems that rely on PHP.
Like many software services, PHP undergoes continual evolution which leads to the need to release and install updates from time to time. PHP is resident inside your website’s web server, so this is where the updates take place.
While the PHP scripting language itself is arguably secure, bad coding or lack of application security disciplines create most of the ‘exploits’ that hackers utilise to gain access, then compromise systems.
Never-the-less, some of the PHP releases do in fact address known security exposures.
Probably the key thing here is that as PHP versions increment, earlier versions are no longer supported. This means that if hackers uncover an exploit in an earlier version of PHP, especially one that is no longer supported, then that version of PHP is dangerous to continue using.
PHP version ‘calendar’ Source: https://www.php.net/
How do I check if my PHP is up to date?
My favourite tool for this is the Healthcheck and Troubleshooting plugin. Not only will it let you now if your PHP is out of date, it will also identify any other ‘health’ related issues, categorised into a sensible order of priority.
Who managing my website’s PHP version?
In most cases, there are PHP version settings in your Web hosting account’s Control Panel. This will enable you to auto-manage the PHP versions by either:
- Opt into the web hosts suggested PHP version
Web hosts are becoming more active with their PHP version control. If your web host chooses not to, then its up to you to manage this.
- Preselect a particular PHP version
Preselecting the PHP version is extremely helpful if you’ve got a temperamental theme or plugin that doesn’t play well with the current PHP version.There’s a surprising number of these, and freezing the PHP version should only be treated as a stop-gap measure. It’s the space-saver tyre of PHP – ie only to be used while you’re sorting out the real issue. While you’ve frozen your PHP version you risk exposing your site to PHP version exploits and the hackers looking for this.
Not likely your website developer.
Don’t expect your web developer to be familiar with PHP version management, or indeed routinely check your website’s PHP version. It’s not usually in their brief or skill set. Don’t get me wrong. Web developers are generally good and talented people, but their focus is on how your site looks and operates.
The key message here is that in most cases, there really isn’t anyone who ‘manages’ your website’s PHP.
- Your web host are focussed on keeping their web server and hence your website running
- Your web developer is focused on optimising your website’s User Interface (UX) so users enjoy and engage in the experience using your website
- Your SEO service provider wants your website to attract prospective clients who are searching for on-topic keywords
- Your SEM and Social Media agency just want some for their ads to land
The team here at Website Concierge wants your site to perform robustly, but also ensure your site doesn’t get hacked along the journey. That’s why we care about your site’s technical underbelly, and PHP version management is an element of that.
We do that so you don’t have to worry about it.
An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over the many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80’s.
Peter is a lateral thinker who sees solutions where many don’t.
Website Concierge is a reincarnate of Succinct Ideas, providing quality website support and online marketing for small businesses.