Insecure PHP version for wordpress


(Francesco) #1

NethServer release 7.6.1810 (final )
rpm -qa php

Hi everyone . I’ve just updated Wordpress to version 5.1-it_IT. The wordpress bulletin board tells me that the PHP version is insecure. Do I have to wait for a version release from neth7 updates or something else? Thank you .

How to expand template wordpress
(Michael Träumner) #2

No, you could install php-scl. First you have to install stephdl repo

After that you can install php-scl[]=stephdl&s[]=repo

If you have finished installation, you can choose the version at the gui.

(Federico Ballarini) #3

I suggest you to use this and apply recent PHP version for your wordpress installation.

(Filippo Carletti) #4

Wordpress is wrong, the version of php is secure.
Red Hat will keep php 5.4 secure for the whole 7 life-cycle (until 2024).

(Francesco) #5

Thanks filippo. So I seem to have understood that wordpress is limited to check the installed php version and detecting the 5.4 warns you. Moreover I tried to install php-scl and from gui I selected version 7.2 as default on apache. Wordpress continues to report the same error.

(Michael Träumner) #6

Please try to restart the httpd service.

(Francesco) #7

I had tried with the command: systemctl restart httpd

(Michael Träumner) #8

Did you install nethserver-wordpress. It could be a try.[]=stephdl&s[]=wordpress

(Francesco) #9

Wordpress has been installed by the stephdl repository for some time. do you propose to re-run the installation?

(Michael Träumner) #10

Perhaps @stephdl has a better answer then me.

(HF) #11

Did you configure it?

Please read the wiki page carefully.[]=php&s[]=scl

(Francesco) #12

Hello, after downloading php I limited myself to run from nethserver GUI the latest version then 7.3 and then set it as default for apache. My wordpress as previously written I unload it via the repository. I did not have to create a virtualhost on nethserver and then install wordpress. Can you suggest some tests to do? Thanks and I hope I was clear.

(HF) #13

How do you access your wordpress?

e.g. https://yourdomain/wordpress?

(Francesco) #14

Yes I log in regularly as you just listed. https: //myserver.local/wordpress. However, after the update the server continues to run regularly, it only shows the warning that it would be ok to update php without affecting the operation. Thank you .

(HF) #15

Then I would suggest to follow the advise of @filippo_carletti and others, to simply ignore for now.

(Francesco) #16

Ok, as suggested by Filippo php is already complete at the patch level. I also believe that if the new version of wordpress is required that requires such dependencies, why not perform a complete update of wordpress with related dependencies? Thank you all .

(Stéphane de Labrusse) #17

the wordpress module uses its own virtualhost like you discovered and the php-scl module is for /var/www/html, so you cannot use another version of php. The best advice would be to simply ignore it because redhat backports security patches, or install on your own php71-scl and make a custom template to load php71 in the wordpress virtualhost.

In short IMO it is urgent to wait.

(Francesco) #18

Thank you so much, it’s just what I had written before or I never created a virtualhost to host wordpress but I only downloaded the package from your repository.

(Stéphane de Labrusse) #19

yep I created for you a virtualhos that you can find at /etc/httpd/conf.d/zzz_wordpress.conf, with a custom template you could load whatever php version you want

(Francesco) #20

Thank you very much the template and instructions of the case.