This blog explains:
Using the newest version of PHP is one of the best and easiest ways to keep your PHP applications secure. It really takes just one chink in the armor for the bad guys to get in, so it’s critical to close any vulnerability that a hacker can exploit to gain access to your sensitive data.
Because they are accessible via browsers, public-facing web applications are easier for hackers to target, compared with applications sitting on a corporate intranet. And even though most organizations use infrastructure systems such as web application firewalls, these are often considered inadequate for deterring a sophisticated attacker. Securing apps requires a multi-faceted approach designed for the worst-case attack scenario that includes:
I say worst-case scenario because it’s always better to be as proactive as possible when it comes to security, regardless of the size of your company.
While all listed security approaches are critical, designing your code, configurations, and infrastructure with the best-possible security can be extremely time consuming. Keeping your applications patched is relatively simple.
Unfortunately, most companies don’t even know when an application has been compromised. After successfully gaining access into an application, many hackers will sit quietly even though they have gained unauthorized system access, waiting for just the right moment to strike. Other times, cyber criminals go undetected for months before anyone discovers the breach—and the full extent of the damage.
With all that said, if the goal of an attack is to bring your website down (DoS), you will see a performance degradation.
To help ensure the highest levels of security, the PHP community often releases updates to supported PHP runtimes every four weeks — and more often, if a critical security vulnerability is detected. So how do you keep your PHP runtimes up to date with the latest security patches? You can:
Today, if you are running PHP 7.3 or later, you can get security patches by visiting the PHP download page, the NVD site, or other sources such as the website that supports your Linux distribution. However:
In addition, if you use PHP packages from a Linux repository, your runtimes may not include the latest security updates. This is a significant and often unknown vulnerability for organizations running PHP 7.1 and under. Because PHP 7.1 and earlier are no longer supported by the PHP community, many of the available PHP distributions from Linux communities do not include needed security and bug-fix updates.
When you use the Zend Server PHP application server, we automatically update your PHP runtimes. That’s because Zend Server includes ZendPHP, which are PHP runtimes that we maintain and support. Based on the community PHP runtimes, ZendPHP includes:
In addition, when you use Zend Server, you gain real-time monitoring tools that can automatically alert you of application anomalies including performance slowdowns. And, you gain an industry-leading debugger for pinpointing the cause of PHP issues, so you can quickly resolve them.
If you are interested in trying Zend Server and the automated PHP updates, sign up for the 30-day free trial.
If you just want to use ZendPHP, you can do that by using ZendPHP Enterprise runtimes. Much like the ZendPHP in Zend Server, ZendPHP Enterprise includes:
ZendPHP only takes a few minutes to install using the Package Manager — including Yum on CentOS, RPM on Red Hat, and APT on Ubuntu/Debian. For example, if you run CentOS, issue the command, “yum install ZendPHP X.X” — where X.X is the PHP version number (5.6, 7.1, 7.3, or 7.4). The Package Manager will handle the rest, including automatically resolving all packages and dependencies.
Regardless of which option you choose to keep your PHP runtimes up to date, it’s important that you take this small but very strategic step to close known vulnerabilities in your software — and protect your information from unauthorized access. If you’re interested in additional help around PHP security and/or PHP migrations, you can take advantage of our:
Please let us know how we can help. Go to this page to contact a Zend representative. You can also send me an email or message me via LinkedIn.
In the meantime, you can use Zend Server for free for 30 days, and see how much time you can save with automatic PHP updates, plus tools that automate monitoring and accelerate debugging.
Account Executive, Zend by Perforce
Ryan has been with Zend since 2014, working with companies that are developing, deploying, and maintaining PHP applications. His expertise includes the full application stack across the entire software development lifecycle, from development to production. He helps development and operations teams improve productivity and the overall performance, security, and reliability of business-critical PHP applications.