Upgrade PHP 5.6 to 7


PHP is a programming language that can run with Apache or Microsoft IIS and works with your server to execute the requests that make up your website. 88% of online sites run on, soon to be vulnerable PHP 5.X technology. At the close of this year, scheduled by Dec 31, 2018 security support will end for our dear old friend PHP 5.6, meaning bugs and security fixes will not be tended to and could lead to security vulnerabilities. 
Each PHP version gets supported actively for two years while the third year only get critical security updates. Luckily, the PHP gods had smiled upon us and extended the life for just a year longer than the typical PHP version before giving us the new year deadline. For all of you developers out there wanting to know exactly what is changing, here’s a helpful migration guide from PHP 5.6 to PHP 7.X.

While the last of PHP 5 closes out with PHP 5.6, this will inevitably leave websites utilizing PHP 5 vulnerable to attacks as well as poor performance. It has substantially reached its infamous End of Life (EOL) title. Switching to the newer PHP 7 versions is not only good for the security, but updating can ultimately save you money. Reducing the cost of doing business by avoiding software incompatibility and compliance issues. If an emotional headache isn’t enough to persuade developers to switch, the benefits will. Benchmarks show PHP 7.x has been tested to run three times faster than PHP5.6!

Let’s see:

  • Faster performance resulting in less memory usage
  • Three times faster page loads*
  • Better for heavy traffic sites
*Performance increase as benchmarked in a testing environment. Other developer’s website performance changes between PHP 5 and PHP 7 may vary.

If you are in a shared environment that manages the OS and framework, then your hosting provider should be sending out notifications of the upcoming change, their plan of action, and cut off dates. Our managed hosting products, such as Storm VPS, Cloud Sites or Managed WordPress, have support teams that can help you switch from PHP 5.X to PHP 7.X easily. Our Managed WordPress product has a compatibility checker built in & one click button to upgrade, yet another reason to love it!


While using WordPress to power your site you can check some vital aspects by going to the
WordPress plugin page and searching for the plugins that you use. Once you find the plugin or themes that you utilize, their spec pages will usually say what PHP version they employ. Also, check out the review tab for comments from users as this section gives useful information. This review tab is helpful for seeing if others have had issues with the plugin or theme and newer PHP versions. It is good practice to look up reviews and see what people have been saying about said plugin. If you don’t see any responses or it hasn’t rated well, then you will want to stray away from it. If you use custom plugins, check with your developer to see how they operate in new PHP versions. The WordPress Compatibility Plugin check will give you a list of plugins and themes that may not mesh well with PHP 7.X.

If you run a mission-critical site its best to do a compatibility checker because blindly upgrading could result in some parts of your page to not function. Checking PHP compatibility, as you would imagine, is a little more in depth but from research online, there is a compatibility checker for VPS servers that you can utilize by downloading the repo from GitHub.

It is worthwhile to note that some plugins may need a PHP module to be installed for the plugin to work. When upgrading the PHP version, you may also need to re-install the PHP module. Fortunately, our support team can assist with installing any PHP module you may need or give the best course of action if the PHP module is not available for your PHP version.

If you are using a Linux VPS the easiest way to check is to ssh into your server and run the following command via your terminal:

php --versionOutput: PHP 7.0.30 (cli) (built: Jun 26 2018 20:34:16)

cPanel:

Note
It’s important to make a backup of your site before migrating to PHP 7.X

Search php, select Multi PHP Manager, will show this screen to show which php version you are using. While on the PHP Version screen you can update the PHP version here by clicking on the check mark next to the domain and selecting the desired PHP version on the right drop down and click Apply.

Search For PHP and Click MulitPHP Manager Icon

DNF (Dandified Yum) Command Examples: Install, Remove, Upgrade, and Downgrade

DNF (Dandified Yum) 101: Basic Package Manager Interaction
I. What is DNF (Dandified Yum)?
II. DNF Examples: Install, Remove, Upgrade, and Downgrade

Install a Package

Syntax:

dnf install <package>

Install a Single Package – Example:

dnf install mysql-server

Where mysql-server is the package name.

Install Multiple Packages – Example:

dnf install mysql-server mysql

Where mysql-server and mysql are the package names.

Continue reading “DNF (Dandified Yum) Command Examples: Install, Remove, Upgrade, and Downgrade”

Information on CVE-2015-3456 QEMU Vulnerability (VENOM)

Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Impact

Specifically a flaw with how QEMU handles out-of-bounds memory access, exploitation can cause the entire hypervisor to crash and may allow an attacker to access other virtual machines outside of their own.

Summary
  • Made public on May 13, 2015
  • This flaw exploits QEMU, a generic and open source machine emulator.
  • Allows for an attacker to access other virtual machines outside of their own.
Resolution

A patch is available, and Liquid Web’s Heroic Support has proactively scheduled a reboot to patch all affected servers.

Continue reading “Information on CVE-2015-3456 QEMU Vulnerability (VENOM)”

How to Update a WordPress Plugin

Step 1: Login to WordPress as Administrator

Hopefully, you’re already well-versed in logging into your WordPress site as an administrator!

Step 2: Access Updates

If there is an update for a plugin or a theme, then you’ll likely have a number in the top bar and next to Updates as shown below (the number 5). Click on Updates!

How To Update a WordPress Plugin - 01

Step 3: Select All the Plugins

Check the box for Select All:

How To Update a WordPress Plugin - 02

Step 4: Update the Plugins

Click on Update Plugins:

How To Update a WordPress Plugin

And at the end of the update process you should receive something similar to, All updates have been completed.

How To Update a WordPress Plugin

Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS

A vulnerability found in the glibc library, specifically a flaw affecting the gethostbyname() and gethostbyname2() function calls, that allows a remote attacker to potentially execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.

Liquid Web package repositories have been updated. Many servers (barring those with updates disabled) have received an update that patches this vulnerability, however, a reboot will still be required in those cases.

Continue reading “Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS”

How to Update Bash on Fedora 20 and Fedora 21

Pre-Flight Check
  • These instructions are intended specifically for updating Bash on Fedora 20 and Fedora 21.
  • I’ll be working from both a Liquid Web Self Managed Fedora 20 server and a Liquid Web Self Managed Fedora 21 server, and I’ll be logged in as root.

Continue reading “How to Update Bash on Fedora 20 and Fedora 21”

Information on CVE-2014-9322 Vulnerability for Red Hat and CentOS

A vulnerability found in the Linux kernel, specifically a flaw in fault handling associated with the Stack Segment (SS), allows an unprivileged user to potentially gain privileges. CentOS 4, CentOS 5, CentOS 6, and CentOS 7 are potentially affected, thus we want to highlight the following information.
Continue reading “Information on CVE-2014-9322 Vulnerability for Red Hat and CentOS”

Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

  • This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.
  • Allows for remote code execution, and many types of command-line based attacks.
  • A patch is available, and your server can be easily updated.
  • We have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.
  • Test the vulnerability of your server with the information below.

Continue reading “Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)”