27 April 2018
If you have a Magento website running on PHP 7.0 or lower, you may have heard of some security issues that will affect your ecommerce site at the end of 2018. These risks will increase your vulnerability to attack and PCI non-compliance if you don’t act soon.
Put simply, security support for PHP 7.0 and under ceases in December 2018. So if you’re an ecommerce business and you want to stay protected, read on because this is something you’ll need to take seriously.
PHP is one of the programming languages in which Magento is written. In essence, Magento’s PHP files provide the instructions that tell the site how to behave, from which page to show to the customer for a particular URL, to how to communicate with your payment gateway or other external integrations. Since PHP is the basis for the whole platform, Magento ecommerce sites are highly dependant on a PHP engine that runs quickly and securely.
PHP is regularly updated, so just like Magento, it has different version numbers too. It’s vital to always use a version of PHP that is actively supported. Not doing so will leave security vulnerabilities on your site which will not be fixed in the unsupported version of PHP you’re using.
As well as the obviously critical security updates, PHP 7 is a significant step forward in performance. In the right circumstances the differences are impressive. It’s not uncommon for sites to realise double their PHP throughput following upgrade to PHP 7. Bear in mind though that PHP is only part of the story - making a site feel ‘fast’ is a big-picture exercise.We build our sites to be quick from the outset, but if it’s been a while since you last checked, or you’ve come to us for support of your existing build, we’d be glad to help you make your site even faster.
Upgrading your PHP version to a supported version of at least 7.1 is a must. However, you also need to make sure your current Magento version is compatible with the version of PHP you’re upgrading to. This means you may need to upgrade your Magento version in order to use PHP 7.1 or above.
If you’re on PHP 7.0 or below (which most M1 sites are), here’s the action you’ll need to take for your Magento store to remain secure from December 2018.
Current Magento version | PHP | Magento |
Magento 1.5 | Upgrade to 7.1 or above | Upgrade to Magento 1.9.3 or above |
Magento 1.6 | Upgrade to 7.1 or above | Upgrade to Magento 1.9.3 or above |
Magento 1.7 | Upgrade to 7.1 or above | Upgrade to Magento 1.9.3 or above |
Magento 1.8 | Upgrade to 7.1 or above | Upgrade to Magento 1.9.3 or above |
Magento 1.9 | Upgrade to 7.1 or above | Upgrade to Magento 1.9.3 or above |
Magento 2 | Upgrade to 7.1 or above | Current version OK |
Magento 2.1 | Upgrade to 7.1 or above | Current version OK |
Magento 2.2 | Upgrade to 7.1 or above | Current version OK |
And don’t forget, an upgrade of Magento may also involve upgrading any non-native modules you have installed.
So, things have got a little more complicated! But don’t panic because we’re here to help, and we’re certified experts in Magento.
Allow us to take the stress out of keeping your ecommerce site secure by upgrading it to the most secure version of PHP and Magento. We’re a Magento Business Solution Partner and our team will perform an evaluation specific to your website, providing you with the best and most cost effective choice of upgrade to keep your site secure. This could involve upgrading to a higher M1 version, or if more feasible, upgrading to Magento 2.
All we’d say is act sooner rather than later. Don’t join the long queue of ecommerce stores upgrading last minute, during the busiest sales period of the year.
Want to get the ball rolling and upgrade your Magento site to PHP 7.1? Contact us for a friendly chat about your requirements.