Support

Akeeba Backup for Joomla!

#25365 php versions

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Sunday, 12 June 2016 05:39 CDT

Saturday, 11 June 2016 08:51 CDT

standib1
EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.

Description of my issue:
When updating Akeeba Backup to 5.x I am starting to get warning messages from Akeeba Backup about using php5.3.x. The warning includes language that indicates that support for this version has stopped and inferring that pretty much the whole world has moved on to newer versions. However SiteGround (I believe your preferred Hosting company) still uses 5.3.x as there default php version and every time I try to take a website to php5.6.x, parts of the site start breaking.
I understand why some extensions might break if they haven't been updated but if php is potentially so bad, why does SiteGround still use it as their default?
Thanks for explaining.

Regards

Sunday, 12 June 2016 05:39 CDT

nicholas
I AM NOT YOUR HOST. DO NOT ASK ME HOSTING QUESTIONS.

My educated guess is that SiteGround and other hosts use it by default because there is outdated PHP software out there that doesn't work with PHP 5.4. Of course we are talking about software that was last updated BEFORE 2012, making it insecure on its own right. For example sites based on Joomla! 1.5.18 or WordPress 3.2 won't run on PHP 5.4. These sites are insecure but the hosts don't want to drive these clients away. It's their business decision to weight the risks of running outdated, insecure PHP versions and software on their servers versus losing clients.

I can tell you as a developer that using PHP 5.3 is INSECURE. Period. I don't say that, the developers who write PHP say it. See http://php.net/eol.php and I quote from that page:

If you are using these releases, you are strongly urged to upgrade to a current version, as using older versions may expose you to security vulnerabilities and bugs that have been fixed in more recent versions of PHP.


So, really folks, please don't get angry with me because your host decided for whatever business reasons to use an outdated, insecure version of PHP as the default DESPITE the clear warning from the developers of PHP itself to not use it.

And to be fair, SiteGround lets you easily run any version branch of PHP on your site between 5.3 (INSECURE), 5.4 (INSECURE), 5.5 (about to be INSECURE in July), 5.6 (supported until Dec 2019) and 7.0 (RECOMMENDED, supported until Dec 2019). All of my sites are running on PHP 7.0 for security and performance reasons.

If you have further questions about your hosting environment please ask your host. My suggestion as a PHP developer and security expert, at the time of this writing, is to always use PHP 5.6 or 7.0 and never, ever think about using PHP 5.3 or 5.4 on a live site. When newer versions of PHP are releases I will change this recommendation to include newer versions of PHP. When 5.6 and 7.0 go end of life in December 2019 I will warn you not to use them.

Rule of thumb: DO NOT RUN END OF LIFE SOFTWARE THAT RECEIVES NO SECURITY UPDATES FOR THE SAME REASONS YOU DO NOT CONSUME FOOD PAST ITS EXPIRATION DATE.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!