Move to PHP 7 before Jan 2019 or Risk Getting Hacked!

Posted by admin on October 19, 2018

We were all quite excited here at Antropy back in 2015 when PHP 7 was released because it included improvements all round as well as a massive 70% speed increase. PHP had received a turbocharger!

We encouraged everyone to upgrade at the time - it's the quickest and easiest way to get a 70% speed boost - and at every opportunity since.

Now, however, we're approaching the end of support for PHP 5.6 which means if a security hole is found after the end of 2018, it won't be patched. While PHP is pretty secure and vulnerabilities relatively rare, it's likely that the knowledge holes won't be patched will spur hackers on to start probing.

The good news is that it's usually very easy to upgrade to PHP 7. In most cases, all you have to do is:

  1. Log in to cPanel or your hosting control panel.
  2. Find where to select the PHP version.
  3. Select PHP 7 and click save.
  4. Check the website still works (the best way is usually by doing a test order).

PHP 7 should work fine with OpenCart right back to version 1.5.x, but there is a possibility that it might not work with all of your extensions.

It's very easy to switch to PHP 7 for 30 seconds and switch back if something goes wrong so on less busy sites, that's probably a good way forward. On busier sites (or sites with more extensions) it might be worth switching a dev copy to PHP 7 and doing thorough testing before donig the same on the live site.

What if I don't?

The risk is probably relatively low at first but as time goes on, the chance of vulnerabilities being found in PHP 5.6 increases. If a hole is found it could mean hackers can get in to your site without your knowledge and start siphoning off credit card details as described here in a hack that *may* in some cases have come from a known PHP 5.3 hole, or (more likely) weak admin passwords.

What did you think of this article? Will you upgrade to PHP 7? Let us know in the comments!

blog comments powered by Disqus