As End of Life Nears, More Than Half of Websites Still Use PHP V5
Found on Threatpost on Sunday, 21 October 2018
Despite end-of-life in the horizon, a new report by Web Technology Surveys found that PHP version 5 is still used by 61.8 percent of all server-side programming language websites. And, of those using version 5, 41.5 percent of websites are using version 5.6, the report said.
What this means is, security patches, upgrades and bug fixes will cease for end-of-life technology – putting that percentage of PHP-based websites using PHP 7.0 and below at risk.
With no doubt the writer of this article has not done any research at all and makes the same mistake as many so-called security analysists: blindly relying on version numbers. First of all, every admin should by default set expose_php to off to disable version information so it cannot be collected. That already messes up the numbers in the article. Even worse however is not knowing that the biggest player in the field of server operating systems, namely RedHat (and thus all others based on it, like CentOS), actively supports older PHP versions by backporting security patches. So, as long as admins keep their OS updated, bugs will be squashed, no matter if PHP itself has dropped support or not. Not knowing that should be embarrasssing to anybody who talks about webserver security. So in short, the article is completely misleading and entirely useless without taking the underlying server OS into the count.