As many of you may already know, PHP 7 will be discontinued at the end of November and will no longer be receiving security updates. As a result, we strongly recommend that everyone upgrade to PHP 8.0 or better.
We've written up a sample email below that you can resend to your clients explaining what's needed and why it's billable.
You can perform these upgrades yourself by just upgrading CMS Builder and any plugins. We are also happy to offer assistance if you require any help making these upgrades.
Let me know if you have any questions about this or if we can be of any assistance.
Subject:Required Security Updates: PHP 8
I wanted to let you know about some important security updates for your website and to schedule some time in the coming weeks to apply them. These updates will require some time to complete, but they are very important to maintain the security of your site.
We've had a number of clients ask about this so I've written up some additional details below if you’d like to know more.
Can you let me know a good time to discuss?
Ongoing security maintenance:
As part of maintaining an internet website, it's important to keep server software and code up to date. A standard website uses software from multiple 3rd parties such as Linux (operating system), Apache (web server), MySQL (database), PHP (programming language), and custom code that we've written specifically for your website.
These different vendors update their software when security issues are discovered and we periodically have those updates installed on the server. We don't charge for this and it often happens automatically. However, sometimes vendors introduce new versions that are not backwards compatible with existing website code which makes updating it necessary.
Upgrading to PHP 8
PHP is one of the most popular programming languages used today and what your website is programmed in. The developers of PHP have announced they're discontinuing PHP 7 and no longer providing security support for it. This means there won't be any way to prevent hackers or malicious users from using newly found security vulnerabilities to exploit websites running this version.
We've already made the required changes to the CMS (Content Management System) code and we can easily upload that, but we still need to review your website’s plugins and any custom code to ensure it will work with PHP 8.
PHP versions are actively supported for up to 2 years after their release. So further updates will be required in future years. Usually, they will require minimal testing and changes, but like all internet developers, we need to work with what the vendors provide us with.
You can see a list of currently supported PHP versions and their supported dates here:http://php.net/supported-versions.php
Additionally, other components on the server will require updating from time to time. Usually, we'll do this automatically but we'll let you know if anything extra is required.
Common Questions and Answers
Why didn’t you develop the website to support the latest version?
Often the latest version either didn’t exist yet or was not mature enough to be used. Old unsupported software can contain security vulnerabilities, and brand new software can be buggy and unreliable. We try to take a conservative approach and target development at well-tested, supported software versions that are in common use.
What happens if I don’t upgrade?
If you don’t upgrade your website then you’ll be vulnerable to security exploits and attacks that are discovered. Over the last three years, an average of 8 PHP vulnerabilities are discovered per year. You can find more information about PHP vulnerability trends here:https://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74
Should I be concerned about all these security issues?
Actually, no. Part of maintaining an internet presence these days is making routine security updates. You've probably seen ongoing media stories about Apple and Microsoft constantly releasing updates and addressing security issues. It’s something everyone has to deal with but we’re happy to take care of it as part of the service we provide for you.
Are there other benefits of upgrading?
Yes, there are. Updated software releases are often faster and more efficient, allowing your web server to respond more quickly and handle more requests. Additionally, programmers can develop software quicker when they’re able to use the latest features of a programming language.
Shouldn’t you provide these updates for free?
Unfortunately, we can’t anticipate issues before they happen. As the internet evolves, unforeseen changes are sometimes required to maintain server security, to have your site work in the latest browsers, or even address newly introduced laws or regulations. Maintaining a modern internet presence requires that your website evolve as well. Sometimes there are years between these required changes, and sometimes they are more frequent. We stay current on these issues so we can advise you on the best way to address them.
We’d propose the following process for updating the website for PHP 8:
- Backup the CMS database and website
- Upgrade the CMS framework to the latest version (which supports PHP 8)
- Upgrade any CMS plugins to the latest versions (which support PHP 8)
- Manually review and update any website code
- Switch the website over to PHP 8.0 or newer
- Test and confirm no errors or issues
Let me know if you’d like to go ahead with these updates and any questions.