Lately, I moved Geekflare from Shared Hosting to DigitalOcean on CentOS 6.6, and it was all ok till I received a “High-risk vulnerabilities” alert.
In CentOS 6.x when you install PHP-fpm, you will get 5.3 by default, which is considered high risk as an unsupported version.
If you are still running 5.3 PHP-FPM, you must consider upgrading to the latest version 5.6. Here is how I did and you can too.
As a best practice, you must take a backup of the entire PHP and if possible perform this upgrade in non-production first to ensure no side effects on the application due to a higher version.
PHP-FPM 5.6 Installation/Upgrade Procedure
- Login into CentOS with root
- Execute following commands
# rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# cd /etc/yum.repos.d
# curl -O http://rpms.famillecollet.com/enterprise/remi.repo
# yum install php-fpm php php-devel -y --enablerepo=remi-php56
If you need to install additional PHP-Modules like mbstring
, mcrypt
, soap
,apc
then you can use the following.
# yum install php-mbstring php-mcrypt php-soap php-apc -y --enablerepo=remi-php56
# yum install gd-last --enablerepo=remi
# yum groupinstall "PHP Support" --enablerepo=remi-php56 –y
By doing the above, you will have PHP-FPM latest version 5.6 installed.
Verify PHP-FPM version
[root@Chandan yum.repos.d]# /usr/sbin/php-fpm -version
PHP 5.6.12 (fpm-fcgi) (built: Aug 6 2015 17:15:15)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
[root@Chandan yum.repos.d]#
So as you can see, now I have supported PHP version, which is secure and safe.
Once you have a PHP upgraded version, you can also check your website for security vulnerabilities from these tools.
If you are using WordPress then you can check this article where I explained how to update the WordPress PHP version on multiple platforms.