At the end of 2018, PHP will stop releasing security updates for, and end support of, PHP 5.6 as well as PHP 7.0. Considering there are millions of websites that are still running these old versions of PHP, this move can put those millions of websites at risk. Some experts predict that flaws found in new and supported versions of PHP might be exploitable in the older versions too, but only 7.x will receive security updates.
Your main defense against such risks is to upgrade to a version higher than 7.0, such as PHP 7.3, before the end of the year. To encourage users to upgrade, website content management systems need to bump up their minimum requirements. Web hosts need to develop upgrade programs to help and encourage their users to upgrade.
The biggest challenge to overcoming this problem is inertia from the big companies and developers who depend on PHP 5. For example, WordPress still has support for PHP 5.2, which reached its end of life in 2011. WordPress is used for more than a quarter of all sites on the internet. Companies fear the flood of support requests that comes as a result of rolling out PHP version upgrades to a large number of sites.
So make sure you update, and use systems that support the updated PHP versions. The risks of neglecting this are hacked sites, which could result in stolen user details, data breaches and massive fines of up to 4% of your turnover under GDPR legislation.
*** This is a Security Bloggers Network syndicated blog from Netsparker, Web Application Security Scanner authored by Allen Baird. Read the original post at: https://www.netsparker.com/blog/web-security/end-of-support-for-php-5/