• This post was closed out before I got to ask a follow-up question about the issue of WordPress vulnerabilities caused by MySQL and PHP being outdated, and the refusal of hosting services (particularly those owned by Newfold Digital) to update them.

    I manage 8 WordPress sites for one customer through Bluehost and want to ensure the sites don’t get hacked as described by @syzygist. I don’t know enough about the back end of WordPress to have a solution or recommendation for my customer. Are there any suggestions about a host provider that is and remains current with servers/databases?

Viewing 7 replies - 1 through 7 (of 7 total)
  • The post you are apparently referring to is a few months old: https://www.ads-software.com/support/topic/outdated-sql-server-warning-is-this-okay/#post-17741444 – please note that it is against the guidelines here in the forum to post your own concern in another topic, no matter how similar it may be.

    Any server component that is not provided with security updates represents a potential risk. Therefore, a hoster must also take care of updating them. If that is not possible, they may have to move your project to a suitable, more current system or at least offer to do so. If no one takes care of this, depending on the constellation of the server components affected and their vulnerable versions, websites that are operated via them may be hacked – in the worst case, even a complete failure.

    Hosters are therefore required to take care of precisely these things. You pay them not only for the resources they provide you, but also for them to take care of them. A hoster that does not take care of this cannot continue to exist. However, some hosts also change their business model, their staff or their services over time due to business decisions.

    Your actual question about a host that is reliable in this regard cannot really be answered for this very reason. Even large hosts could end up on a downward spiral. Take a look at the hosts recommended here, you at least have a choice (your Bluehost is already there): https://www.ads-software.com/hosting/ – but no one can guarantee that they will work as reliably as they do now forever and ever.

    Thread Starter kpersolutions

    (@kpersolutions)

    Thank you for the reminder. While the post may have been started 3 months ago, the post to which I was responding (from @syzygist) was posted 2 days ago and four hours later the thread was closed. I understand the hoster’s responsibility, however, thank you for the explanation. My question was posed given the context of @syzygist’s post.

    WordPress doesn’t like questions about why they’re promoting Bluehost. I have been using MDDHosting for many years. Shock Hosting is a lower cost host that seems to offer a very similar shared hosting experience, though I have less experience with them. Clients who are reluctant to migrate to a different host sometimes become more amenable when they see how much money it will save them. Not that cost should be the primary consideration when choosing a host, but when they are being overcharged for mediocre service, that becomes persuasive. Also, if they have cPanel, many hosts will migrate a cPanel account for you for free if you open an account with them. Make sure you understand what is happening with their domain-based email before migrating, though.

    To get back to the original question of how much of a risk it is, running a site on any server with server software that is no longer being maintained by its publisher (referred to as end of life or end of support) is probably a bad idea. That is why Wordfence and Site Health flag defunct versions. And you should run fast and far from any host that tries to make you purchase a more expensive hosting plan in order to receive an upgrade from expired server software.

    Here’s a page on the PHP site where you can check the status of your version of PHP and where it is in the support cycle: https://www.php.net/supported-versions.php. And here’s a similar chart for MySQL versions: https://en.wikipedia.org/wiki/MySQL#Release_history

    In case you’re not aware, since you started this thread, you can re-open it if it gets marked as resolved before your question is fully answered.

    Moderator James Huff

    (@macmanx)

    WordPress doesn’t like questions about why they’re promoting Bluehost.

    To be clear, WordPress is fine with questions about Bluehost, but the forums are not the right place for them, because no one here makes those decisions or is any part of the process whatsoever.

    We’re committed to helping create a wholesome and hassle-free WordPress hosting environment. If you feel there are issues with one of the hosts listed here, please send a note to hosting dash feedback at this domain. If the situation warrants we’ll work with you and your host on a solution.

    https://www.ads-software.com/hosting/
    Thread Starter kpersolutions

    (@kpersolutions)

    @syzygist, I can’t tell you how much I really appreciate your feedback and insight. Much obliged!

    @kpersolutions Happy to help. As you may be aware, you can usually upgrade your PHP yourself if you have a cPanel account. Just search on PHP in the cPanel search field. However, even though cPanel offers this tool, it is up to the individual host what versions of PHP they choose to populate it with. I have seen hosts who did not even offer a single maintained version of PHP, and demanded a hosting plan upgrade from customers who wanted to access safe and current software.

    Unfortunately, this is not uncommon, and can occur on some big name hosts with high profiles. That does not make it acceptable, however! It’s the equivalent of going into a grocery store, discovering all the food on the shelves is expired, and being charged an entrance fee to access fresh food options. If that sounds outrageous, it’s because it is.

    MySQL runs in a separate virtual server, or even on a separate physical server, which serves all of the customers on the server, so those changes usually do have to go through the host unless you have a VPS hosting plan. Good luck!

    Thread Starter kpersolutions

    (@kpersolutions)

    Yes, I attempted the PHP update from 7.4 for two WordPress sites, but the sites messed up due to old themes, so I had to restore the site and I’ll recreate them using a different template that uses the current PHP version. Thanks for the info!
