PHP7

[williamt]

Sorry mollyf I totally forgot to reply to this comment earlier.
Typically shared hosting environments can indeed be disastrous when a user gets hacked. We solved this security issue long ago with a custom written security module. Every thing on a users website is ran and owned by the individual user. If someone breaks into user "bobs" site they can not access user "jims" files or website an anyway.

My understanding is that if one website in a shared hosting environment is hacked, everyone on that server is in trouble. https://blog.sucuri.net/2020/01/what-is ... ation.html

[williamt]

I do believe you and the other users. I'm sorry if I some how gave you the impression that I didn't.

We are currently working on refreshing our entire web hosting infrastructure. I don't have any sort or release date as of yet that I can share but we are working on it.

Unfortunately as it stands right now changing to the latest version of php is a manual process. One of the reasons it was done like this was in the past there were often breaking changes even between minor versions of php. We didn't want to force upgrade everyone to the latest and have peoples websites break. So we allowed people to change to the version they wanted and it just continued on this way. In hindsight we probably should have made a member tool that allowed people to easily switch between versions they were running. This is one of the many things we would like to rectify when we release the new platform.

It seems to work now. Though I have my doubts about the future. Perhaps you're unaware that Sonic has been telling users for quite some time now that to upgrade their PHP (which was required to keep everything up-to-date and from being a security risk) that they had to do it manually. Many of us pushed back on this.

I appreciate that you've fixed it (for now) but it would be a nice acknowledgment to your users if you believed us that it was a problem, instead of acting like I was complaining about nothing.

[tikvah]

I do believe you and the other users. I'm sorry if I some how gave you the impression that I didn't.

Thank you.

We are currently working on refreshing our entire web hosting infrastructure. I don't have any sort or release date as of yet that I can share but we are working on it.

That would be great. I used to be Sonic's biggest fan, telling everyone to use it. Now I'm wondering where else I can go. Your ISP services are still strong (and I'm not going to leave just because you put fiber on my street but stopped 3-4 poles from my house; I know that's just luck of the draw). But hosting has deteriorated over the years. It used to be amazing but now I'm (until this week) running hackable/unsafe Wordpress and I'm still unable to put Let's Encrypt or any other SSL certificate on my accounts without paying tons more money and spending tons of time every 3 months on it.

Unfortunately as it stands right now changing to the latest version of php is a manual process. One of the reasons it was done like this was in the past there were often breaking changes even between minor versions of php. We didn't want to force upgrade everyone to the latest and have peoples websites break. So we allowed people to change to the version they wanted and it just continued on this way. In hindsight we probably should have made a member tool that allowed people to easily switch between versions they were running. This is one of the many things we would like to rectify when we release the new platform.

There are different levels of "manual." Clicking a link from within the Wordpress update dashboard when I'm ready to upgrade my PHP? Totally fine. Having to figure out how to telnet (which I haven't done for about a decade) or FTP so I can change a file on my account (and hope I don't make a typo and break something) and repeat for 6 accounts and then do this every couple of months? Totally NOT fine. And if I, someone who used to work in UNIX shells and who actually knows what an .htaccess file is and where it lives is saying this is unreasonable, then you can bet it's more than unreasonable for 90% of your Wordpress users (most of whom aren't even on these forums).

[ankh]

So just for the record, updated Wordpress and was warned:

PHP Update Required

WordPress has detected that your site is running on an insecure version of PHP.
What is PHP and how does it affect my site?

PHP is the programming language we use to build and maintain WordPress. Newer versions of PHP are both faster and more secure, so updating will have a positive effect on your site’s performance.

I realize Sonic has been working on getting this done for quite a while now.

[ankh]

To be specific, this is the site health info:

Your site is running an outdated version of PHP (5.6.34), which requires an update

[ankh]

Oh, and there's more:

Outdated SQL server Performance

The SQL server is a required piece of software for the database WordPress uses to store all your site’s content and settings.

For optimal performance and security reasons, we recommend running MySQL version 5.6 or higher. Contact your web hosting company to correct this.

[tikvah]

Shocker. It's happening again. Or still.

An updated version of WordPress is available.
You cannot update because WordPress 5.4.1 requires PHP version 5.6.20 or higher. You are running version 5.3.29.

Untitled.jpeg (29.99 KiB) Viewed 2771 times

[ankh]

Hello, if somebody's working from home towad fixing this, tell us who and we can have pizza delivered for encourgement.

[tpeterson]

Rats! I thought that I was going finally to be out of the woods when Wordpress today allowed me to update to 5.4.2. But after a "successful" update, not only does Chrome still complain that my site is insecure, but Wordpress' dashboard says that I need to update PHP. I guess I must have totally misunderstood williamt's post from last March about a newly available tool for WP installations...?

[williamt]

Guys you need to update to PHP 7.
See: viewtopic.php?f=8&t=15154