Archive for January, 2008

If you run a website, here’s a resolution you can keep: make sure your host is up to date. This is something that only takes a few minutes to check and can help you avoid hacker-induced headaches. With PHP being the most popular programming language used on the web, chances are your site uses it. You’re definitely using PHP if you use popular programs such as Joomla!, Drupal, or WordPress. Even if you keep these programs up to date with the latest patches, your site can still be at risk if your host doesn’t keep PHP itself updated.

If you’re running Joomla! or Drupal, checking your current PHP version is easy. In Joomla! 1.0.x, log into the administrator backend and go to System > System Info. The PHP version will be listed on this screen as well as under the PHP Info tab. In Drupal, use your admin login, then go to Administer > Logs > Status Report.

Aside from this software, there are other ways you can get the PHP version number. Most shared hosts often give you a control panel where you can log in and manage your account. If your host offers CPanel, the PHP version number will usually be displayed on the front page in the left column.

As a last resort, it’s easy to create a phpinfo() page you can use to get the version information. Open up a plain-text editor such as Notepad or TextEdit and add the following code:

<?php

phpinfo();

?>

Save this file as version.php (or anythingyouwant.php) and upload it to your web server using FTP to you web root directory. Then go to http://www.yoursite.com/version.php. Delete version.php from your server right away: you just want it to be available for a moment so you can get the information.

You now have your PHP version number. So now what?

As of this writing, the current version of PHP is 5.2.5. If this is the version you have, congratulations! Your host is up to date with the latest stable copy of PHP there is. If you have a version of PHP that starts with 5 but isn’t the latest, check with your host to see if they’re in transition. A lot of hosts set aside some servers with PHP 5 when it first came out in July of 2004 for testing purposes. You might be on one of these servers.

If your PHP version is 4.4.74.4.8, your host has the latest stable version of PHP 4. Ask and see if they have a plan in place for upgrading your account to PHP 5. If your host is running a version of PHP earlier than 4.4.7, look for a new hosting provider immediately: your host is at least 7 months behind in applying security patches. Don’t count on them keeping you up to date in the future, they’ve already failed you.

As of this past Monday, no new versions of PHP 4 will be released and it is officially obsolete. On August 8th, the PHP team will not even release security updates for version 4.

UPDATE: the PHP team released 4.4.8 the day after I posted this. The switch from .7 to .8 represents some security patches. It is not considered an entirely new version of PHP; everything should still be backwards compatible. If you are running 4.x.x, make sure your host upgrades you 4.4.8 promptly.

Aside from keeping up to date with software that’s being actively developed, there are other reasons to move to PHP 5. It performs faster and has new features your friendly open source programmers desperately want to use. The Joomla!, Drupal, and WordPress teams have all avoided writing code that only works on PHP 5 to make sure that you can run their software. Now is the time to return the favor and go with PHP 5!