Websites are facing a PHP deadline coming up in 10 weeks. The Popular PHP 05.x will stop security updates by the end of the year and currently 62% of all Internet sites are running on it. PHP is a general-purpose scripting language that runs on a web server. PHP is used mostly to create dynamic web page content or dynamic images used on websites.
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“The looming PHP crisis demonstrates how companies continue to underestimate the risks their websites pose to the organization. Websites connect companies with not only their markets, but also bad actors, who are always on the lookout for vulnerabilities they can exploit like updates and patches they know companies too often overlook. Running a website is not a one-time event. Once you have it up, the bigger job is to continue maintaining and protecting it. Now that GDPR is in force and other data protection laws are being passed across the US and the rest of the world, website owners should take a more proactive approach to ensuring they are not the next victim of a website breach. After all, given how bad actors target small and large businesses alike, being it’s only a matter of time before a company finds itself in their crosshairs. In addition to making updates, however painful, website owners should continuously scan their websites to closely monitor all code executing on their site and identify any unauthorized activities. Hosting service providers should also do their part to push their customers to update as soon as possible. Failure to do so demonstrates negligence and could expose them to GDPR fines if they process data via their customers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.