Start 2015 off with security in mind - so stop using PHP

example of hacked web site

With a string of SSL issues behind us in 2014 (Heartbleed, Poodle, Beast) maybe 2015 should be the year of increased security... first off PHP.

More than 78 per cent of all PHP installations are running with at least one known security vulnerability, a researcher has found.

Google developer advocate Anthony Ferrara reached this unpleasant conclusion by correlating statistics from web survey site W3Techs with lists of known vulnerabilities in various versions of PHP.


What he found is that many, many PHP-powered websites are using insecure versions of the interpreter – so much so that it's actually easier to find an insecure PHP setup on the internet than a secure one.

"This is absolutely and unequivocally pathetic," Ferrara wrote. More http://www.theregister.co.uk/2014/12/31/want_to_have_your_server_pwned_easy_run_php/