Anthony Ferrara, Google developer advocate, grabbed our attention this New Year’s Eve with a blog post showing that over 78% of PHP installs are insecure! That’s pretty huge, especially given how widely PHP is used on the internet; only 21% are secure! The updated post did not change these numbers much: it became 74% insecure versus 26% secure. Anthony counted how many PHP installs had at least one known security vulnerability, and it’s really pathetic to find this huge number of servers that did not upgrade for one reason or another.
This is absolutely and unequivocally pathetic. This means that over 78% of all PHP installs have at least one known security vulnerability. Pathetic.
Check your installed versions. Push for people to update. Don’t accept “if it works, don’t fix it.”… You have the power to change this, so change it.
Security is everyone’s problem. What matters is how you deal with it.
Updated raw data are available in this Google sheet collected by Anthony from W3Techs. Security is everyone’s problem, so the fact that your website runs correctly does not mean you don’t have to upgrade your installation. Is it that people are lazy about upgrading, or is the upgrade process time-consuming, requiring code updates every time there is a major change in PHP versions …?
What about you? Are you running a secure version of PHP?