Security problems with old PHP versions

Mathijs Baas
  • almost 2 years ago
  • 1 min read

Hackers can take advantage of vulnerabilities when your website is running on an old PHP version. PHP is a widely-used open source scripting language that is especially suited for web development. Many companies use PHP as a scripting language for their website.

Since the end of 2018, PHP 5 is no longer being supported, with more than 5,3M websites still running on it. This means that any vulnerability discovered since the beginning of January 2019 remains a threat. 

In many cases, the scripting language including the version can be found in the HTTP headers. They contain additional information about the server that is generating the website, such as operating system, compression and scripting language.

Every month we index all domains and store the HTTP headers of each website. Using this data, we can show which domains are running on outdated, unsupported and unsecure versions of PHP. Among the most serious security threats are disk operating systems (DOS) and gaining privileges.

71% of all the websites are using an unsupported PHP version.

Subscribe to our newsletter to stay in the loop about the latest insights and developments around web data.