Over three-quarters of all installs are insecure, research shows

A recent article in the UK Register stated that more than 78 per cent of all PHP installations are running with at least one known security vulnerability, a researcher has found.

The researcher, Anthony Ferrara reached this disturbing conclusion by correlating statistics from web survey site W3Techs  against lists of known vulnerabilities in various versions of PHP.

What he found is that far too many PHP-powered websites (WordPress, Drupal,  Joomla, etc) are using insecure versions of the language. So much so he asserts it’s actually easier to find an insecure PHP setup on the internet than a secure one. “This is absolutely and unequivocally pathetic,” Ferrara wrote.

The two most popular PHP releases, according to W3Techs’ statistics, were versions 5.2.17 and 5.3.29. Together, they accounted for 24 per cent of the total – and both are insecure.

Curious to see how Darwin rated we submitted a considerable number of local companies’ Web sites through the  w3techs.com/sites interface.

We’re pleased to say that TheWebHostingMachine, Digital Mojo and Dash Media displayed up to date versions of PHP (above 5.3.29) across all their web sites that we submitted.

We’re not pleased to say that other suppliers’ web sites that we submitted unfortunately lined up with the global trend. Like Anthony Ferrara we found far too many web sites made by Darwin companies were running PHP 5.2.17 (four past its end of life date).

If you want to test your own web site, just go to w3techs.com/sites and enter in your domain name.

Contact us if you think we can help you with your web site security.