PHP Update Info

Deadline for action: September 14, 2015
Reason: System update from PHP 5.4 to 5.5
Affects: All Web hosting users not on Legacy PHP

Contents

1. Introduction: PHP and Deprecated Warnings
2. Updating Your Software, and Getting Help
3. If You Cannot Update: Legacy PHP Service
4. Tech Notes

1. Introduction: PHP and Deprecated Warnings

On September 14, we again will be updating the PHP software for all non-Legacy PHP users, from version 5.4 to 5.5. PHP 5.4 is an older version that, as of September 14, is no longer receiving even critical security updates. But rest assured, the interval before our next update will be considerably longer than this past one; the new version will take us through to June 2016.

If you received a special notice on August 11 about our upcoming PHP update titled “Outdated, insecure software…”, at least one error log in your Web hosting account is showing PHP Deprecated warnings; that is, your site uses features of PHP 5.4 that have been scheduled for removal in a later version. As we are required to continue updating the system in order to provide a functional, secure hosting environment, your site’s software must also be kept updated.

Updating your software will also apply what is probably a large number of missing security patches, without which your site is increasingly vulnerable to the numerous random attacks directed daily against every Web site. Updating it now, and continuing to do so regularly, is the only way to keep your account as secure as possible.

2. Updating Your Software, and Getting Help

You will need to update your software before our system update. This is your responsibility, and we regret that we don’t have the capacity to manage it for you, but an experienced Web developer or IT consultant should be able to handle it quickly (depending on the exact software and version).

For most open-source packages (e.g. WordPress), updates can take just a minute and can be as simple as a few clicks in your software’s admin interface – see your software’s official Web site for help. Be sure to update all plugins or modules, in addition to the core software. But some packages (e.g. Drupal, and some major-version upgrades of other Content Management Systems) will require a more manual process involving uploading and unpacking files, at the least. And any custom-written PHP code on your site will need to be updated by a developer.

If you need help with updating, you may want to try these providers (all from our Referrals page) or one of the others listed at techworker.coop:

3. If You Cannot Update: Legacy PHP Service

We have also created a last-resort alternative. If your software is more difficult to update than a few clicks, and you cannot get it done in time, we can move your account to a legacy configuration that will continue to use the previous version of PHP (5.3) until May 1, 2016. That should give you plenty of time to either upgrade your current software or, perhaps better, rebuild the site in different software that is more easily maintained. There will be an additional monthly fee for this legacy service: $10 for most (standard-budget) orgs, $5 for low-budget orgs, or $20 for high-budget orgs.

But we will again strongly caution you to avoid this option if at all possible, as it means continuing to run vulnerable software on an increasingly insecure and obsolete system, which is ever more risky in today’s hostile Internet environment.

Please get in touch with us well in advance of September 14 if you are going to need this solution.

4. Tech Notes

To see the PHP warnings yourself, connect to your account by SFTP or SSH and change directory to weblogs/, then error/, and look for the file named for your domain (being sure to check all your domains, if more than one):

weblogs/error/your-domain

On the SSH command line, you could then run a search like “grep Deprecated your-domain”, or you could see currently logged errors in real time with a command like “tail -f your-domain” while loading the site in your Web browser. You can also just download the error logs via SFTP and then view them on your own computer. The logged warnings will tell you exactly which PHP script triggered them, and exactly which deprecated feature of PHP was invoked.
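
An added example, not part of the original notice: a shell function that condenses the Deprecated lines from one or more error logs into a count per script, line number and message, so repeated hits from the same code show up once. It assumes the usual Apache/PHP log layout shown in the comment and script paths without spaces; the function name, sample log lines and paths are constructed.

```shell
#!/bin/sh
# Added example: summarise PHP Deprecated warnings in error logs.
# Assumed log line layout (anything else is ignored):
#   ... PHP Deprecated:  <message> in <script> on line <N>[, referer: ...]

summarize_deprecated() {
    # Usage: summarize_deprecated LOGFILE [LOGFILE...]
    # Prints "<count> <script>:<line>: <message>", most frequent first.
    # sed keeps only Deprecated lines and reorders them so that identical
    # warnings from the same script and line collapse under uniq -c.
    sed -n 's|.*PHP Deprecated: *\(.*\) in \(/[^ ]*\) on line \([0-9][0-9]*\).*|\2:\3: \1|p' "$@" |
        LC_ALL=C sort | uniq -c | sed 's/^ *//' |
        LC_ALL=C sort -k1,1nr -k2
}

make_sample_log() {
    # Writes constructed sample lines (not from a real account) to file $1.
    cat > "$1" <<'EOF'
[Tue Aug 11 10:15:32 2015] [error] [client 203.0.113.5] PHP Deprecated:  Function ereg() is deprecated in /home/example/public_html/inc/util.php on line 42
[Tue Aug 11 10:15:40 2015] [error] [client 203.0.113.5] PHP Deprecated:  Function ereg() is deprecated in /home/example/public_html/inc/util.php on line 42, referer: http://example.org/
[Tue Aug 11 10:16:02 2015] [error] [client 198.51.100.7] PHP Deprecated:  Function split() is deprecated in /home/example/public_html/contact.php on line 17
[Tue Aug 11 10:16:05 2015] [error] [client 198.51.100.7] File does not exist: /home/example/public_html/favicon.ico
[Tue Aug 11 10:17:11 2015] [error] [client 198.51.100.7] PHP Warning:  Division by zero in /home/example/public_html/stats.php on line 9
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample_log "$sample"
summarize_deprecated "$sample"
rm -f "$sample"
```

From weblogs/error/, run summarize_deprecated your-domain, listing the log file of every domain on the account if you have more than one.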

For further reading, see the authoritative reference for PHP 5.4->5.5 changes: http://php.net/manual/en/migration55.php, especially the Backwards Incompatible Changes section.