After running into a situation where a client’s web host was running years outdated software, I realized some of you might be operating under a false sense of security–about your security!
Many people believe that just because they set up their hosting account with a well-known shared hosting company that stuff magically updates on its own. This is far from the truth.
Same goes for folks who have their websites “self-installed” with cloud hosting providers. Suffice it to say, once “the installer” leaves the scene, the server software will not self-repair or auto-update itself…
Server management is much more involved, and requires greater expertise than just clicking a button to install Linux and WordPress. Server management is not generally automated, and if someone doesn’t handle it, you may find your “server” is years behind in updates–and then it’s already too late. – Mike D., TVCNet Server Admin.
IMHO, A quality shared host presents “security” as their core feature. And security requires constant vigilance (using both human eyes and hands, 24/7). Web servers are not self-managed devices. And for this reason, many websites are hacked due to the above lack of hands-on management. Seriously, web hosting is a complex business.
Bottomline, if you don’t have a salaried server administrator on staff, it’s your responsibility to periodically check what’s been installed by your host both PHP and web server software wise. And it’s your responsibility to keep your host on their toes and demand currency of software, updates, and service responsiveness.
If your web host can’t handle the responsibility of maintaining regular updates, it’s a rather easy process nowadays to just move on to one that “gets it”. The top three hosting companies, with whom I’ve worked extensively, make customer website security an absolute top priority. These companies are TVC.Net, SimpleHelix, or AceNet
So complain with your wallet – it’s the secure thing to do.
How do I check the server software versions running at my web host?
The easiest method is to upload a one line PHP script to your hosting account and then view the script through your web browser. For this article, we’ll focus on the PHP version number.
How to create a PHP info script:*
Create a blank text file on your computer.
Name it something like serverinfo-x.php
*Try not to name your script to something easily guessed at, like “phpinfo.php”
Add line of text and save:
<?php phpinfo(); ?>
Upload the file to the same directory as your home page.
Then view your PHP information at: https://your-domain.com/serverinfo-x.php
Once you have the file open in your browser, look for the PHP version line, top of page.
You should be running PHP version 5.6 or above.
On a cPanel server, once you log in, look for a section on right or left named Server Information. An example below, with the two most important bits highlighted:
Note the Apache version shown above (click to enlarge).
You should be running Apache version 2.0 or above.
If you are running WordPress, the WP System Information plugin may provide the same web server software installed information as well.
So that about covers the basics in regard to what you should check server software versions wise. A web host running outdated software can be as great a security risk as running a years old version of WordPress, Joomla or other content management system.
If you need help or further explanation please feel free to call or chat with me anytime.
Please feel free to comment via WordPress, Twitter, Facebook or Google+