  • Lately, I moved Geekflare from Shared Hosting to DigitalOcean on CentOS 6.6, and it was all ok till I received a “High-risk vulnerabilities” alert.

    In CentOS 6.x, when you install PHP-FPM, you get 5.3 by default, which is considered high risk because it is an unsupported version.

    If you are still running PHP-FPM 5.3, you must consider upgrading to the latest version 5.6. Here is how I did it, and you can too.

    As a best practice, you must take a backup of the entire PHP installation and, if possible, perform this upgrade in non-production first to ensure the higher version has no side effects on the application.

    PHP-FPM 5.6 Installation/Upgrade Procedure

    • Log in to CentOS as root
    • Execute the following commands
    # rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
    # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    # cd /etc/yum.repos.d
    # curl -O http://rpms.famillecollet.com/enterprise/remi.repo
    # yum install php-fpm php php-devel -y --enablerepo=remi-php56

    If you need to install additional PHP modules like mbstring, mcrypt, soap, or apc, you can use the following.

    # yum install php-mbstring php-mcrypt php-soap php-apc -y --enablerepo=remi-php56
    # yum install gd-last --enablerepo=remi
    # yum groupinstall "PHP Support" --enablerepo=remi-php56 -y

    By doing the above, you will have the latest PHP-FPM version, 5.6, installed.

    Verify PHP-FPM version

    # /usr/sbin/php-fpm -version
    PHP 5.6.12 (fpm-fcgi) (built: Aug 6 2015 17:15:15)
    Copyright (c) 1997-2015 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies

    So, as you can see, I now have a supported PHP version, which is secure and safe.
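
The version check above can be scripted as a post-upgrade or recurring check. This is an added example, not part of the original article: it parses the `php-fpm -version` banner and fails when the branch is older than 5.6. The function names, `MIN_BRANCH`, and the 5.3.3 banner are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a php-fpm version banner against a minimum branch.
MIN_BRANCH="5.6"   # the article's upgrade target; adjust to your own policy

# First two lines of the banner shown in the article.
SAMPLE_NEW='PHP 5.6.12 (fpm-fcgi) (built: Aug 6 2015 17:15:15)
Copyright (c) 1997-2015 The PHP Group'
# Constructed banner for an un-upgraded host (not taken from the article).
SAMPLE_OLD='PHP 5.3.3 (fpm-fcgi) (built: constructed sample)'

# Print major.minor.patch from the banner's first line, or nothing.
php_banner_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^PHP \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# 0 if version $1 is on branch $2 (major.minor) or newer, 1 if older,
# 2 if $1 is not a dotted numeric version.
php_branch_at_least() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    ver_major=${1%%.*}; rest=${1#*.}; ver_minor=${rest%%.*}
    min_major=${2%%.*}; min_minor=${2#*.}
    for part in "$ver_major" "$ver_minor"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$ver_major" -gt "$min_major" ] && return 0
    [ "$ver_major" -eq "$min_major" ] && [ "$ver_minor" -ge "$min_minor" ] && return 0
    return 1
}

# Exit status: 0 supported branch, 1 too old, 2 banner not understood
# (treat 2 as a failure too: php-fpm missing or output format changed).
check_php_fpm() {
    ver=$(php_banner_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN: could not parse php-fpm banner"; return 2
    fi
    if php_branch_at_least "$ver" "$MIN_BRANCH"; then
        echo "OK: PHP $ver is on branch $MIN_BRANCH or newer"; return 0
    fi
    echo "FAIL: PHP $ver is older than branch $MIN_BRANCH"; return 1
}

# On a real host: check_php_fpm "$(/usr/sbin/php-fpm -version 2>/dev/null)"
```

Treating the "unknown" status as a failure keeps a missing binary or a changed banner format from passing silently.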

    Once you have upgraded PHP, you can also check your website for security vulnerabilities with these tools.

    If you are using WordPress then you can check this article where I explained how to update the WordPress PHP version on multiple platforms.