Insecure PHP version for wordpress

security
wordpress
php
v7

(Francesco) #1

NethServer release 7.6.1810 (final )
wordpress-5.1-1.el7.noarch
rpm -qa php
php-5.4.16-46.el7.x86_64

Hi everyone . I’ve just updated Wordpress to version 5.1-it_IT. The wordpress bulletin board tells me that the PHP version is insecure. Do I have to wait for a version release from neth7 updates or something else? Thank you .
php


How to expand template wordpress
(Michael Träumner) #2

No, you could install php-scl. First you have to install stephdl repo

https://wiki.nethserver.org/doku.php?id=stephdl_repository

After that you can install php-scl

https://wiki.nethserver.org/doku.php?id=php-scl&s[]=stephdl&s[]=repo

If you have finished installation, you can choose the version at the gui.


(Federico Ballarini) #3

I suggest you to use this https://wiki.nethserver.org/doku.php?id=php-scl and apply recent PHP version for your wordpress installation.


(Filippo Carletti) #4

Wordpress is wrong, the version of php is secure.
Red Hat will keep php 5.4 secure for the whole 7 life-cycle (until 2024).


(Francesco) #5

Thanks filippo. So I seem to have understood that wordpress is limited to check the installed php version and detecting the 5.4 warns you. Moreover I tried to install php-scl and from gui I selected version 7.2 as default on apache. Wordpress continues to report the same error.


(Michael Träumner) #6

Please try to restart the httpd service.


(Francesco) #7

I had tried with the command: systemctl restart httpd


(Michael Träumner) #8

Did you install nethserver-wordpress. It could be a try.

https://wiki.nethserver.org/doku.php?id=wordpress&s[]=stephdl&s[]=wordpress


(Francesco) #9

Wordpress has been installed by the stephdl repository for some time. do you propose to re-run the installation?


(Michael Träumner) #10

Perhaps @stephdl has a better answer then me.


(HF) #11

Did you configure it?

Please read the wiki page carefully. https://wiki.nethserver.org/doku.php?id=php-scl&s[]=php&s[]=scl


(Francesco) #12

Hello, after downloading php I limited myself to run from nethserver GUI the latest version then 7.3 and then set it as default for apache. My wordpress as previously written I unload it via the repository. I did not have to create a virtualhost on nethserver and then install wordpress. Can you suggest some tests to do? Thanks and I hope I was clear.


(HF) #13

How do you access your wordpress?

e.g. https://yourdomain/wordpress?


(Francesco) #14

Yes I log in regularly as you just listed. https: //myserver.local/wordpress. However, after the update the server continues to run regularly, it only shows the warning that it would be ok to update php without affecting the operation. Thank you .


(HF) #15

Then I would suggest to follow the advise of @filippo_carletti and others, to simply ignore for now.


(Francesco) #16

Ok, as suggested by Filippo php is already complete at the patch level. I also believe that if the new version of wordpress is required that requires such dependencies, why not perform a complete update of wordpress with related dependencies? Thank you all .


(Stéphane de Labrusse) #17

the wordpress module uses its own virtualhost like you discovered and the php-scl module is for /var/www/html, so you cannot use another version of php. The best advice would be to simply ignore it because redhat backports security patches, or install on your own php71-scl and make a custom template to load php71 in the wordpress virtualhost.

In short IMO it is urgent to wait.


(Francesco) #18

Thank you so much, it’s just what I had written before or I never created a virtualhost to host wordpress but I only downloaded the package from your repository.


(Stéphane de Labrusse) #19

yep I created for you a virtualhos that you can find at /etc/httpd/conf.d/zzz_wordpress.conf, with a custom template you could load whatever php version you want


(Francesco) #20

Thank you very much the template and instructions of the case.