How to secure Magento 1.x running on PHP 5.6 with PHP 7.2?

E-commerce websites built on Magento 1.0 to Magento 1.9 will become less secure in December 2018. These Magento versions are built on PHP 5.6, and PHP has officially announced that it will stop security updates for PHP 5.6 and 7.0 in December 2018.

What is PHP? It is a scripting language that is mostly used for web development, and platforms such as WordPress, Magento, Drupal and Joomla are built with it. There are multiple versions of PHP, and each version improves on the previous one. Once a new stable version is released, platforms like Magento are updated to make use of the latest advancements.

When are security updates ending for PHP 5.6 and 7.0?

Why is security support ending for PHP 5.6 and 7.0?

Each version of PHP is supported for two years, and all bugs and security issues are fixed during this period. Once the two-year period is over, each branch of PHP is supported for another year for critical security issues only.

Once its support period is over, that particular branch of PHP reaches its end-of-life (EOL), i.e. it is no longer supported, even for critical security issues.

Since 5.6 is the final PHP 5 release, support for this version was extended by an additional four months and the critical security fix period was extended to two years, which comes to an end on 31st December 2018.

Kinsta has clearly explained why PHP 5.6 and 7.0 are not good enough beyond 2018.

What happens if you fail to update PHP 5.6 or 7.0 of your Magento website?

Since PHP 5.6 and 7.0 will not be receiving any security patches, your website will be vulnerable to hacks. Once your website is hacked the following things might happen:

Wordfence has answered some of the most asked questions related to PHP 5.6 and 7.0.

How to check the current PHP version of my website?

You can easily check the PHP version of your Magento site by logging in to your hosting control panel. If you have SSH access, you can use the following command to check the version.

php -v

Note that php -v reports the version of the command-line PHP binary, which on some servers is not the version the web server uses for the site. Online tools such as WhatRuns and BuiltWith (premium feature) can also show the PHP version, but it is recommended to check it yourself by logging in to the control panel directly.

Another way is to call your hosting provider and ask them which PHP version your site uses.

How to keep my Magento 1.x site secure?

There are two ways to keep your Magento 1.x site secure. The first method is to upgrade your Magento 1.x site to the latest Magento 2 version. The second method is to upgrade to PHP 7.2 and apply the patch for Magento 1.x.

1. Upgrade your Magento 1.x site to the latest Magento 2.x version

The latest Magento 2.2.6 version runs on PHP 7.1.x, and therefore switching your Magento 1.x site to the latest version will keep it protected from potential attacks.

Upgrading your site to Magento 2.2.6 will not only make it highly secure but will also improve performance drastically. For instance, the checkout process has been optimized, and its loading speed no longer depends on the number of payment/shipping methods present.

This will ultimately improve customer experience and will allow you to have an edge over your competitors. However, since Magento 2 follows a totally different architecture and codebase, it is not a one-shot upgrade. The effort of migration is almost the same as building a new Magento 2 store. Talk to our Magento consultants for more information.

2. Upgrade PHP to 7.2 and apply the latest patch for Magento 1.x

You can also upgrade to PHP 7.2 and apply the patch officially released by Magento. This patch will make your website’s core Magento compatible with PHP 7.2.

Follow the procedure mentioned below to easily install the PHP 7.2 patch on your website.

How to upgrade PHP from 5.6/7.0 to 7.2 and secure Magento 1.x?

Before development of a site starts, a version control system like Git is set up to maintain a record of the changes made to the code. This system can recall particular versions of the code later, so developers rely on it in case something goes wrong. Version control can also be used to back up your code.

Step 1 - First, back up your site

Before starting the upgrade, the first thing you have to do is take a backup of your website. To back up your Magento site, you can follow the steps mentioned below.

Step 2 - Code and media backup

To back up the code and media of your Magento website, follow this step-by-step backup process.

Step 3 - Check the compatibility of extensions (CRITICAL)

It is most likely that a few extensions installed on your store will not work properly on the new PHP version 7.2. You need to upgrade these extensions to a version that supports PHP 7.2. If there is no such update from the extension vendor, you may ask your developers to customize the extension to support PHP 7.2.

Alternatively, you can reach out to us by sending an email to hello@codilar.com.
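One way to start the Step 3 compatibility check from the shell, as an added example that is not part of the original article or of Magento's patch: it flags calls to functions removed in PHP 7.0 (mysql_*, ereg/split), moved out of the core distribution in PHP 7.2 (mcrypt_*) or deprecated in PHP 7.2 (each(), create_function()). The rule labels and the directory you pass in are assumptions, and every hit is a pattern match that still needs manual review.

```shell
#!/bin/sh
# Added example (not Magento's or any extension vendor's code): heuristic scan
# of extension sources for PHP calls removed or deprecated up to PHP 7.2.

# One rule per line: <label> <ERE for the function name>. Labels are made up here.
RULES='mcrypt-removed-in-7.2 mcrypt_[a-z0-9_]+
mysql-removed-in-7.0 mysql_[a-z0-9_]+
ereg-removed-in-7.0 (ereg|eregi|ereg_replace|eregi_replace|split|spliti)
create_function-deprecated-in-7.2 create_function
each-deprecated-in-7.2 each'

# The name must not follow an identifier character, "->", "::" or "$", so
# foreach, preg_split(), $obj->each() and Foo::split() are not reported.
PREFIX='(^|[^A-Za-z0-9_>:$])'

# scan_php72 DIR: print "<label><TAB><file>:<line>:<source line>" for each hit.
scan_php72() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    printf '%s\n' "$RULES" | while read -r label names; do
        # /dev/null as an extra operand makes grep always print the file name.
        find "$dir" -type f \( -name '*.php' -o -name '*.phtml' \) \
            -exec grep -nE "${PREFIX}${names}[[:space:]]*\\(" /dev/null {} + \
            </dev/null |
        while IFS= read -r hit; do
            printf '%s\t%s\n' "$label" "$hit"
        done
    done
}

# Usage: sh scan.sh app/code/community   (the path is an assumption; pass your own)
if [ "$#" -gt 0 ]; then
    scan_php72 "$1"
fi
```

In a Magento 1.x tree, third-party extension code normally lives under app/code/community and app/code/local, so those are the directories to scan first.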

Step 4 - Update your PHP version.

To update the PHP version of your Magento store, go to your web hosting control panel and upgrade the PHP version. Check out this article to understand how to upgrade to PHP 7.2 using shell commands.

Step 5 - Apply the patch.

Magento has released a PHP 7.2 patch specifically for Magento 1.9 customers. This patch will make your Magento website compatible with PHP 7.2, thereby making it secure from attacks. To download the patch, click here.

To apply the patch, you can follow this detailed procedure for installing any Magento patch.

If you find this to be a difficult process, contact the Codilar team for assistance.

Always consider security as a part of your SEO process.

Generally, security issues are not taken seriously in the SEO process. Connect your website to Google Search Console to get notified about security issues such as hacks, malware and crawl errors, along with your website's SEO performance.

Are you looking to upgrade PHP or migrate to Magento 2.x? Contact the Codilar team to make your Magento 1.x website secure, or for any Magento-related solutions.