Out of all the websites using PHP, around 68% of websites still use PHP 5.x. PHP 5.6 support has ended in Dec 2018. But how would that matter for a website owner. The situation is just a ticking time bomb for websites continuing to run on the unsupported PHP 5.x versions. Any identification of a mass security flaw in PHP 5.x would spell disaster without any periodic security updates. Your website lying exposed to the hackers especially being an eCommerce site, poses a greater threat. It would rather be prudent, to keep your website technology updated rather than to lose business and customers.
Apart from the security aspect, PHP 7 brings in a host of significant performance upgrades to the table. PHP 7 has shown 4x faster performance increase for websites running on Magento 1.x. Improved loading time of your website gives a better user experience to your customers. This would mean a lower memory consumption of your website. Your website would perform better with even limited hardware resources. Magento 2 has raised the bar and has mentioned PHP 7 as a minimum requirement. Prior to installing the upgrade for providing PHP 7.2 compatibility, there are some security patches which have to be applied. These patches address various vulnerabilities reported in Magento like remote code execution (RCE), cross-site request forgery (CSRF), SQL Injection (SQLi), Security Implementation Flaw and Security Misconfiguration.
There are some situations where your store could be exposed to hackers. Users with permission to generate sales orders from the Admin panel can use gift card functionality to manipulate request data and inject a malicious string that is later unserialized. An administrator user with access to the Enterprise Target rule module can create rule-based product relations that can be manipulated to trigger remote code execution.
By manipulating request data when saving a category, a user can insert a malicious string into the database that can be used in a subsequent request to perform SQL injection. This injected code can be used to trigger arbitrary (with the proviso they fit in the 255 char field) insert and update commands.
Steps to Convert Magento1.9 Store to Support Php7
To achieve PHP 7.2 support we need to install the required patches from Magento packages as per the link below.
Please choose the patches as per the version of your Magento store.
For example, if you want to upgrade your store in 220.127.116.11 to support PHP 7.2, following are the Patch requirements: SUPEE-10752, SUPEE-10570, SUPEE-10415, SUPEE-10266, SUPEE-9767 V2, SUPEE-9652, SUPEE-8788 V2.
- Download all patches and copy them to the root of Magento instance.
- Run the below commands one by one in order
sh PATCH_SUPEE-10752_CE_v18.104.22.168_v1-2018-06-11-04-33-22.sh sh PATCH_SUPEE-10570_CE_v22.214.171.124_v1-2018-02-28-04-53-53.sh sh PATCH_SUPEE-10415_CE_126.96.36.199_v1-2017-11-27-06-51-32.sh sh PATCH_SUPEE-10266_CE_188.8.131.52_v1-2017-09-13-06-37-37.sh sh PATCH_SUPEE-9767_CE_184.108.40.206_v2-2017-07-11-11-04-56.sh sh PATCH_SUPEE-9652_v2-2017-02-07-01-18-38.sh sh PATCH_SUPEE-8788_CE_220.127.116.11_v2-2016-10-14-09-42-47.sh
3.Once you have completed Step 2 run the below command
patch -p1 < PATCH-18.104.22.168-22.214.171.124_PHP7-2018-09-13-08-05-20.2_v2
All done now. Your site will now start to load in PHP 7.2 . You should now see a notable difference in the website’s loading. Enjoy the power of PHP 7. Provide a faster and secure shopping experience to your customers. Need help in upgrading your magento store or want to have one built from scratch? Reach out to us on firstname.lastname@example.org.