Running Wordpress on PHP7.2/7.3

  • Paul&John
    Confirmed User
    • Aug 2005
    • 8643

    #1

    Running Wordpress on PHP7.2/7.3

    Hi there!

    How big of a security risk is running WordPress on older versions of PHP? And when considering an upgrade, should one move to 7.4 or the latest stable of 8.x? (I usually have only 2-3 plugins, so I guess the upgrade shouldn't cause much trouble)

    I wasn't thinking about updating it, but one of the blogs is using AIOSEO and it says the support for 7.3.3 will be discontinued this year.

    Thanks.
  • ladida
    Confirmed User
    • Nov 2005
    • 2179

    #2
    Your problem won't be the PHP version, but WordPress itself.

    • Paul&John
      Confirmed User
      • Aug 2005
      • 8643

      #3
      You mean security wise? Fortunately I didn't have any issues (hacks etc) in the last year (or I just don't know about it which is always a possibility).

      • k0nr4d
        Confirmed User
        • Aug 2006
        • 9231

        #4
        Your issue won't be with PHP, it will be with WordPress itself if it's an older version + whatever million plugins you have installed for it. You don't even get the common courtesy of a human being hacking you anymore, it's just bots doing it at this point. If you are running PHP 5 or PHP 8 it won't make a difference if your code has exploits.

        The PHP version is largely irrelevant - I know a lot of people are all worried about EOL on PHP 7 and so forth but the concern with these older PHP versions isn't that your site will get hacked - any exploit that comes out for older PHP is very likely to be something that requires local access to the server to begin with rather than something that can be done remotely. There are still sites running PHP 5.2 out there and not getting hacked.

        • ladida
          Confirmed User
          • Nov 2005
          • 2179

          #5
          Originally posted by Paul&John
          You mean security wise? Fortunately I didn't have any issues (hacks etc) in the last year (or I just don't know about it which is always a possibility).
          Yes, was talking security wise. As Konrad up there mentioned also, I know plenty of sites on PHP 5. Nothing wrong with them. They might have some upgrading issues like you're facing etc, but other than that, it works, it won't stop working cause of EOL.

          • Klen
            • Aug 2006
            • 32235

            #6
            It depends on several factors, like:

            - How big your site is. If your site receives only a few hits daily, most likely nobody knows about it, therefore it won't be interesting to "get in" even if you leave the door open
            - what kind of plugins you have installed
            - is the WordPress version up to date
            - do you have a script firewall of any kind installed (mod security, CSF, your own rules)
            - do you have security patches installed for the old PHP version


            • k0nr4d
              Confirmed User
              • Aug 2006
              • 9231

              #7
              Originally posted by Klen
              It depends on several factors, like:

              - How big your site is. If your site receives only a few hits daily, most likely nobody knows about it, therefore it won't be interesting to "get in" even if you leave the door open
              Bots are going to hammer it 24/7 looking for exploits. If he has anything else on the same server it can get compromised.

              Like I said though, the bigger issue is old WordPress and plugins and not PHP or Apache itself.

              • Mr Pheer
                So Fucking Banned
                • Dec 2002
                • 22083

                #8
                Best thing you can do is get rid of "Generated by wordpress" and all other wordpress identifiers out of your source code. There are plugins to help do that.


                • k0nr4d
                  Confirmed User
                  • Aug 2006
                  • 9231

                  #9
                  Originally posted by Mr Pheer
                  Best thing you can do is get rid of "Generated by wordpress" and all other wordpress identifiers out of your source code. There are plugins to help do that.
                  That will make no difference. There are other markers that something is wordpress like shit in the html source with directories like wp-content and so forth.

                  • Mr Pheer
                    So Fucking Banned
                    • Dec 2002
                    • 22083

                    #10
                    Originally posted by k0nr4d
                    That will make no difference. There are other markers that something is wordpress like shit in the html source with directories like wp-content and so forth.
                    It isn't foolproof, but it helps. Not all bots are searching for every marker. Most are searching for the most obvious.


                    • k0nr4d
                      Confirmed User
                      • Aug 2006
                      • 9231

                      #11
                      Originally posted by Mr Pheer
                      It isn't foolproof, but it helps. Not all bots are searching for every marker. Most are searching for the most obvious.
                      The bots are searching for known exploits, so they'll attack specific files and paths for specific plugins. They aren't just looking for wordpress installations in general.

                      • Klen
                        • Aug 2006
                        • 32235

                        #12
                        Originally posted by k0nr4d
                        Bots are going to hammer it 24/7 looking for exploits. If he has anything else on the same server it can get compromised.

                        Like I said though, the bigger issue is old WordPress and plugins and not PHP or Apache itself.
                        I base that on the behavior of the two remaining sites which I have - the first one, which was my flagship site and had 65k daily traffic and tons of backlinks at one point but now almost nothing, is still hammered on a daily basis by various bots trying to get into WordPress and other common security holes. But the second site, which had only 3k daily on its best day and which is an even older site, from the year 1998, is not hammered by any bot compared to the first site.


                        • Paul&John
                          Confirmed User
                          • Aug 2005
                          • 8643

                          #13
                          Thanks for the answers

                          • Huggles
                            GFY'S #1 retard
                            • Feb 2003
                            • 12509

                            #14
                            Good thing about Wordpress is even if someone hacked my shit and destroyed my entire site I could have my backup running again in 10 minutes.

                            • k0nr4d
                              Confirmed User
                              • Aug 2006
                              • 9231

                              #15
                              Originally posted by Huggles
                              Good thing about Wordpress is even if someone hacked my shit and destroyed my entire site I could have my backup running again in 10 minutes.
                              No one really destroys sites now unless they hate you specifically. What they do instead is they make redirects to some affiliate offers to make money off your traffic. Sometimes it takes weeks or months before people realize they were even hacked because it only redirects for certain geos for instance.

                              • Huggles
                                GFY'S #1 retard
                                • Feb 2003
                                • 12509

                                #16
                                Originally posted by k0nr4d
                                No one really destroys sites now unless they hate you specifically. What they do instead is they make redirects to some affiliate offers to make money off your traffic. Sometimes it takes weeks or months before people realize they were even hacked because it only redirects for certain geos for instance.

                                Well I make $0 off my site right now so does it even fucking matter?


                                I have the most innovative, most advanced website for media display... $0 per month


                                Meanwhile if you run a shit tube you can be loaded with 0 innovation


                                Such is life in 2023

                                • Klen
                                  • Aug 2006
                                  • 32235

                                  #17
                                  Originally posted by k0nr4d
                                  No one really destroys sites now unless they hate you specifically. What they do instead is they make redirects to some affiliate offers to make money off your traffic. Sometimes it takes weeks or months before people realize they were even hacked because it only redirects for certain geos for instance.
                                  Yep. The times when the purpose of hacking was to post the message "you been defaced" are long gone.


                                  • k0nr4d
                                    Confirmed User
                                    • Aug 2006
                                    • 9231

                                    #18
                                    Originally posted by Huggles
                                    Well I make $0 off my site right now so does it even fucking matter?


                                    I have the most innovative, most advanced website for media display... $0 per month
                                    Yeah but maybe the hacker is making money

                                    • Colmike9
                                      (>^_^)b
                                      • Dec 2011
                                      • 7230

                                      #19
                                      Originally posted by Klen
                                      Yep. The times when the purpose of hacking was to post the message "you been defaced" are long gone.
                                      I still do this

                                      • SCORE Ralph
                                        Confirmed User
                                        • Mar 2003
                                        • 2090

                                        #20
                                        Originally posted by k0nr4d
                                        That will make no difference. There are other markers that something is wordpress like shit in the html source with directories like wp-content and so forth.
                                        Leaving your default folder structure is a big security issue. I can't tell you how many times I check for wp-admin and shake my head that a login pops up.

                                        • sandman!
                                          Icq: 14420613
                                          • Mar 2001
                                          • 15431

                                          #21
                                          Old plugins is where you will get fucked

                                          • Colmike9
                                            (>^_^)b
                                            • Dec 2011
                                            • 7230

                                            #22
                                            Just use Joomla, no one hacks that unless it's a targeted brute force to get login info or something not worth the effort like that.

                                            • Klen
                                              • Aug 2006
                                              • 32235

                                              #23
                                              Originally posted by Colmike9
                                              I still do this
                                              You going to jail pal


                                              • Huggles
                                                GFY'S #1 retard
                                                • Feb 2003
                                                • 12509

                                                #24
                                                Wordpress is actually pretty awesome... so much shit you can do with it, mostly for free!

                                                • ladida
                                                  Confirmed User
                                                  • Nov 2005
                                                  • 2179

                                                  #25
                                                  Originally posted by SCORE Ralph
                                                  Leaving your default folder structure is a big security issue. I can't tell you how many times I check for wp-admin and shake my head that a login pops up.
                                                  It's not a "big security issue" :P. It's actually just a small nuisance. You think it would take a long time to find your admin login?
                                                  Furthermore, your admin login is irrelevant. You can identify WordPress just through certain source code things. Check wpscan. It has a hash for each WordPress version, so not only are you going to get identified, it's also going to be identified which version of WordPress you're running just from looking at your index source code and how it's laid out. Then it's free game, every plugin you have will get identified, and then the fun starts.

                                                  • Colmike9
                                                    (>^_^)b
                                                    • Dec 2011
                                                    • 7230

                                                    #26
                                                    Honestly, no one's going to bother with hacking a WP porn site, except for rare targeted cases.
                                                    All I ever did were things like doing an injection when WP was more vulnerable with sites using pagination and not setting it up to use slugs, then adding in a funny pic somewhere. Or getting into workers' computers, turning up the volume, then making Appletalk scare them..
                                                    Or in school, making the teacher's CD drive constantly open

                                                    • fris
                                                      Too lazy to set a custom title
                                                      • Aug 2002
                                                      • 55679

                                                      #27
                                                      Too many hosts have servers with outdated PHP. For WP the minimum is 7.4, but 8.0 or 8.1 (this is what I use)

                                                      7.4 is the more "safe" version as some people's code may be incompatible with 8.1 etc.

                                                      I noticed while doing dev work for a few clients on vacares, they are shipping 7.3 on their servers. Wish they could upgrade the defaults for that, it's a pain when doing work and wanting to use updated code.

                                                      • ladida
                                                        Confirmed User
                                                        • Nov 2005
                                                        • 2179

                                                        #28
                                                        Originally posted by Colmike9
                                                        All I ever did <cut> Or getting into workers' computers, turning up the volume, then making Appletalk scare them..
                                                        Or in school, making the teacher's CD drive constantly open
                                                        Yea, the way you describe things, it's rather clear you didn't do anything.

                                                        • Colmike9
                                                          (>^_^)b
                                                          • Dec 2011
                                                          • 7230

                                                          #29
                                                          Originally posted by ladida
                                                          Yea, the way you describe things, it's rather clear you didn't do anything.
                                                          k

                                                          • Kittens
                                                            👏 REVOLUTIONARY 👏
                                                            • Jan 2016
                                                            • 1440

                                                            #30
                                                            Originally posted by Huggles
                                                            Well I make $0 off my site right now so does it even fucking matter?


                                                            I have the most innovative, most advanced website for media display... $0 per month


                                                            Meanwhile if you run a shit tube you can be loaded with 0 innovation


                                                            Such is life in 2023
                                                            The worst part is that you think if you get hacked that someone's gonna inject an ad on your site and not completely destroy your server IP and domain's reputation with spam filters because the main reason to hack sites is to spam from them.

                                                            But hey, when you're back here in a month complaining don't act surprised when people point at your neglect here as the reason why.


                                                            • jamezon
                                                              Confirmed User
                                                              • Apr 2019
                                                              • 136

                                                              #31
                                                              You can mitigate a lot of potential WordPress attacks on Cloudflare with filters, if you know a bit about WordPress and bots and attackers' metrics. I use a couple of older WP versions and also older PHP versions and they haven't been hacked yet. Just close everything that lets people from outside try to comment, mail, post etc. The easiest way is to use Cloudflare's WAF > xmlrpc.php, wp-login.php, wp-comments.php, wp-admin, wp-mail, REST API, throw and block everyone out who is trying to access those from outside, + it also takes load from your own server. It's also good to do this on newer versions.

                                                              Comment
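Added example, not part of the thread or any poster's code: a Python triage of access-log lines against the endpoints listed in post #31, showing how much traffic an edge block on those paths would stop before you enable it. The log lines and the allowlisted address are constructed; `wp-comments-post.php` and `wp-mail.php` are the stock WordPress filenames assumed for the post's "wp-comments.php" and "wp-mail", and the `admin-ajax.php` exemption is an assumption for sites whose front-end plugins call it.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Endpoints named in the post, under their stock WordPress paths (assumed mapping).
SENSITIVE = {
    "xmlrpc": re.compile(r"^/xmlrpc\.php$"),
    "login": re.compile(r"^/wp-login\.php$"),
    "comments": re.compile(r"^/wp-comments-post\.php$"),
    "mail": re.compile(r"^/wp-mail\.php$"),
    "admin": re.compile(r"^/wp-admin(/|$)"),
    "rest": re.compile(r"^/wp-json(/|$)"),
}
# Assumption: front-end plugins may call admin-ajax.php, so it stays reachable.
EXEMPT = re.compile(r"^/wp-admin/admin-ajax\.php$")

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(target):
    """Return the endpoint label a request target falls under, or None."""
    path, _, query = target.partition("?")
    # Decode %XX and collapse duplicate slashes so trivial variants still match.
    path = re.sub(r"/{2,}", "/", unquote(path))
    if EXEMPT.match(path):
        return None
    for label, rx in SENSITIVE.items():
        if rx.match(path):
            return label
    # REST API on sites without pretty permalinks: /?rest_route=/wp/v2/...
    if re.search(r"(^|&)rest_route=", query):
        return "rest"
    return None


def triage(lines, allow_ips=frozenset()):
    """Count requests a block on SENSITIVE would stop, per label and per client."""
    by_label, by_ip = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, _method, target, _status = m.groups()
        label = classify(target)
        if label and ip not in allow_ips:
            by_label[label] += 1
            by_ip[ip] += 1
    return by_label, by_ip


# Constructed sample lines; all addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2023:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "-"',
    '198.51.100.7 - - [10/Mar/2023:04:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "-"',
    '198.51.100.9 - - [10/Mar/2023:04:12:40 +0000] "GET //wp-json/wp/v2/users HTTP/1.1" 200 902 "-" "-"',
    '198.51.100.9 - - [10/Mar/2023:04:12:41 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 902 "-" "-"',
    # Site owner working in the dashboard (allowlisted below).
    '203.0.113.10 - - [10/Mar/2023:09:00:00 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "-" "-"',
    # Ordinary visitor whose page triggers a plugin's AJAX call.
    '192.0.2.44 - - [10/Mar/2023:09:01:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "-"',
    '192.0.2.44 - - [10/Mar/2023:09:01:11 +0000] "GET /2023/03/hello-world/ HTTP/1.1" 200 9321 "-" "-"',
]

if __name__ == "__main__":
    labels, clients = triage(SAMPLE_LOG, allow_ips={"203.0.113.10"})
    print("would be blocked, by endpoint:", dict(labels))
    print("would be blocked, by client:  ", clients.most_common())
```

Run it over a few days of real logs with your own address allowlisted; any legitimate client that shows up in the per-client counts is something the block would break.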

                                                              • fris
                                                                Too lazy to set a custom title
                                                                • Aug 2002
                                                                • 55679

                                                                #32
                                                                Originally posted by Mr Pheer
                                                                Best thing you can do is get rid of "Generated by wordpress" and all other wordpress identifiers out of your source code. There are plugins to help do that.
                                                                add_filter( 'the_generator', '__return_null' );

                                                                Comment
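Added example, not code from any poster: a Python self-audit that lists the WordPress markers still present in a page's rendered HTML, to show what the `the_generator` filter in post #32 removes and what stays, which is the disagreement in posts #8 to #11. The HTML is a constructed sample; the marker list covers the generator tag and the directory names mentioned in the thread, plus the `?ver=` suffix on asset URLs, which is an assumption about a default theme's output.

```python
import re
from html.parser import HTMLParser

# Directory names that identify a WordPress install in asset and link URLs.
WP_DIRS = re.compile(r"/(wp-content|wp-includes|wp-admin|wp-json)/")
# Version suffix on enqueued assets, e.g. style.css?ver=6.1.1
VER_QS = re.compile(r"[?&]ver=([0-9][0-9.]*)")


class MarkerAudit(HTMLParser):
    """Collect WordPress markers from one rendered page."""

    def __init__(self):
        super().__init__()
        self.generator = None
        self.dirs = set()
        self.asset_versions = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content")
        for key in ("href", "src"):
            url = a.get(key, "")
            m = WP_DIRS.search(url)
            if m:
                self.dirs.add(m.group(1))
                v = VER_QS.search(url)
                if v:
                    self.asset_versions.add(v.group(1))


def audit(html):
    """Return the markers found in html as a plain dict."""
    p = MarkerAudit()
    p.feed(html)
    p.close()
    return {
        "generator": p.generator,
        "dirs": sorted(p.dirs),
        "asset_versions": sorted(p.asset_versions),
    }


# Constructed sample of a page head before the filter is applied.
SAMPLE_BEFORE = """<html><head>
<meta name="generator" content="WordPress 6.1.1" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css?ver=6.1.1" />
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.6.1"></script>
<link rel="https://api.w.org/" href="https://blog.example/wp-json/" />
</head><body></body></html>"""

# The same page with only the generator tag gone.
SAMPLE_AFTER = "\n".join(
    line for line in SAMPLE_BEFORE.splitlines() if "generator" not in line
)

if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE))
    print("after: ", audit(SAMPLE_AFTER))
```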
