Switching to PHP5 & WordPress Codex
Interested in functions, hooks, classes, or methods? Check out the new !
Switching to PHP5
From version 3.2, .
This article is to answer questions about making the move from PHP 4.x to PHP 5.x on your web hosting platform.
To identify the version of PHP your web server is using, download the WordPress
plugin. When you activate the plugin, it will tell you if you are ready for WordPress 3.2. If it is not, contact your web hosting provider and ask them to provide support for PHP 5. Tips are available below.
WordPress developers and Theme and Plugin authors use the current PHP version 5.2 for some time, staying current with improvements in coding technology. Current and updated versions should be compliant and you should not run into any problems when you upgrade your hosting to a recent PHP version like PHP 5.2.x or 5.3.x.
In fact, WordPress runs better on PHP 5 than it does on PHP 4. PHP 4 is outdated and WordPress is not much tested to run on it any longer (not as much as PHP 5 by far at least). And for many plugins and themes this is the same, PHP 5.2 is supported right now on most hosts.
Some bugs do only exist when you run WordPress on PHP 4 but they do not exist when you run it on PHP 5. In these cases not PHP 5 but PHP 4 is the problem.
Some WordPress Plugin and Theme authors are working on versions that are only compatible with PHP 5 and its improved features and capabilities. So these do not even work with PHP 4 or older PHP 5 versions.
However, older Themes and Plugins may have PHP code that eventually might not work with every PHP 5 version. Check with the Theme and Plugin authors for the specific requirements of the plugins you're using. PHP 4 is officially end of life since August 2008 (that means no security patches since longer than a year ago). If your plugin has not been updated in years, please look for updated versions, or consider changing to an alternative option.
If you are using non-WordPress-specific code such as JavaScript, gadgets, widgets, or other custom or third-party PHP scripts, check with the original source for updated versions, just in case. Because PHP 5 is mostly backwards compatible you should not run into any problems normally.
Switching from PHP 4 to PHP 5.2 is known to cause an issue wherein gibberish appears above the Wordpress blog header related to "open_basedir restriction." It usually runs like this:
Warning: is_dir() [function.is-dir]: open_basedir restriction in effect.
File(/) is not within the allowed path(s):
(/home/MY_ACCOUNT:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:
/usr/local/php4/lib/php:/tmp) in /home/MY_ACCOUNT/wp-includes/functions.php
on line 1942
This can easily be corrected by editing the MySQL table. Search for wp_options and find "option_name = ‘upload_path’" and shorten the value in the column. For example, if the value in it is ‘/home/MY_ACCOUNT/wp-content/uploads,' change it to ‘wp-content/uploads’. More information can be found
This list is intended to show examples of how to swap to PHP5 on various hosts. This is not a complete, nor official list. Please check with your web host for specific and updated information.
1&1 Germany (Confirmed for
package) - To parse all php files in php5, the following lines of code have to be added to the root directory's .htaccess file:
AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php
Blue Host (Confirmed) - Supports PHP 5 by default.
Dream Host (Unconfirmed) - Visit Domains & Manage Domains & Edit Domain in your control panel.
Gradwell - Visit the Control Panel & Hosting & Manage Domains & Click on the domain name. Change the zone file to Default hosting on php 5 cluster. Click update. In "Unix Hosting," edit the domain and switch to PHP 5.
GoDaddy - From the Hosting Control Center, select Content & Add-On Languages. Select "PHP 5.x" as the version, then click Continue and Update.
HostMonster
- Supports PHP 5.2, 5.2fastCGI, 5.3, 5.4 & 5.4fastCGI by default (confirmed runs well on 5.4 & 5.4fastCGI)
Edit your .htaccess file and add either to the top (simple)
# To Use PHP5.4 as default
# Standard php, not fast cgi php
# AddHandler application/x-httpd-php54 .php
# To Use PHP54CGI as default
# AddHandler fcgid54-script .php
Media Temple - Check the knowledge base for help on upgrading.
To parse all php files in php5, add the following line of code to the root directory's .htaccess file:
SetEnv PHP_VER 5
cPanel (checked on PAC WebHosting, but probably applies to all cPanel based web hosting services) - On the cPanel main page & Software & PHP Configuration. At the top of the PHP configuration page, where it says "The '.php' file extension will be processed by" and select PHP 5 from the dropdown box. Click the "Update" button.
NearlyFreeSpeech.net Log into your account, click on your site and change the server type. The change will take effect in minutes. Its as simple as that!
Will I have to redo my whole site over? 
No, in most cases there would be no need to change anything on your site. If you are running a very old version of WordPress you may see better compatibility from upgrading, but then that's good advice no matter what PHP you're using.
Can I ask my web host to install PHP 5 or do I have to do it myself? 
This will vary from host to host. In some cases, a request via a support ticket will get you an answer from your web host provider. Others will offer the option through your host's control panel. It is usually a simple procedure.
What if my web host doesn't offer PHP 5? 
Most responsible host providers have already made the switch. Ask if they have plans to introduce PHP5 support. If they are planning to introduce the support soon, then it shouldn't be an issue. If they have no such plans, you might want to look around for alternative providers.
How much work and time will this take? 
If your web host provides the alternative, moving from PHP 4 to PHP 5 should be painless and fast. If there are problems with WordPress Themes, Plugins, and other scripts and PHP code, it could be more work, though most are updated by now. In most cases, though, it is as simple as clicking a button or two and waiting for it to happen.
How much money will this cost? 
Most hosts would not charge for providing PHP5. If you have paid for premium WordPress Themes or WordPress Plugins, check the support arrangements for PHP5 versions.
If my host doesn't upgrade, can I still use WordPress? 
As PHP5 only functionality becomes more common, and the possibility that a security flaw will be exploited affecting sites running on the PHP 4 platform, exploits not specific to WordPress, the need for web hosts to upgrade will become critical to providing quality customer support. It is unlikely that many will remain with the older versions. WordPress is working hard to maintain backwards compatibility as long as is feasible.
Can I test Locally? 
XAMPP (apachefriends.org FREE / Windows, Mac, Linux and Solaris), Includes Apache (2.4.4), MySQL (5.6.11), PHP (5.5.1) + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin (4.0.4), Webalizer, Mercury Mail Transport System, FileZilla FTP Server (0.9.41), mcrypt, eAccelerator and more. Have auto installers for Wordpress, Drupal and Joomla. TEST all you want, I did and Wordpress v3.6 works on these versions.
In August 2008 PHP 4 became an end-of-life product. This meant that no further effort would be expended in fixing bugs, improving, or patching security holes found in PHP version 4. Development effort moved to PHP 5.
Since then, web hosts have gradually been introducing PHP 5 based offerings into their portfolios. Most decent web hosting providers will now allow PHP 5 hosting - though for some it may not be the default.
Compared to PHP 4, PHP 5 is faster, easier for developers to maintain and code for, and integrates better into web services. Perhaps most importantly, it is also a current, supported, product.
Currently WordPress works on both PHP 4 and PHP 5 based platforms. The historic viewpoint has been that WordPress would continue to have a PHP 4 minimum requirement until the user base reached a tipping point in PHP 5 adoption.
Clearly the WordPress developers cannot continue to code for PHP 4 indefinitely. Current feeling is that many PHP 5 only features may be introduced in WordPress 3.0. Some existing features, such as advanced timezone support, are already in WordPress and rely on capabilities present only in PHP 5.
The change is more likely to be a drift away from PHP 4 than a sudden detour. For example, more people have success with the
functionality when they are running on a PHP5 host.
As of September 2011, attempting to upgrade to Wordpress 3.2.1 on PHP 4 will result in your blog becoming unusable. A single line of text will display that will read:
Your server is running PHP version 4.4.9-nfsn1 but WordPress 3.2.1 requires at least 5.2.4.
If you are running PHP 4, it is highly recommended you avoid upgrading to Wordpress 3.2.1, and first focus on upgrading PHP.
This article is
as in need of editing. You can
Codex by .
Codex Resources
Code is Poetry.Apple pushes its first ever silent, automatic security update to Mac OS X to fix NTP bug
on December 23, 2014 at 12:19 pm
This site may earn affiliate commissions from the links on this page. .
Apple has pushed out its first ever automatic, silent security update to Mac OS X users, fixing a vulnerability in NTP that would’ve allowed hackers to turn Macs into DDoS zombies. In some ways, this finally brings Apple up to parity with Microsoft: Windows has technically had the ability to do automatic updates for a long time, though it’s very rare to see them performed while a system is in use — usually Windows waits for you to shut down to reboot before installing patches. Rather impressively, the OS X security patch should install transparently, with no need to restart.Last week, some Googlers discovered
(NTP), including a buffer overflow vulnerability that allows an attacker to . Most Unix-like operating systems (Linux, BSD, OS X, etc.) use NTP to synchronize their clocks — an exact number of vulnerable systems isn’t known, but we’re almost certainly talking about millions of computers, including Macs running OS X 10.8, 10.9, and 10.10.In any case, Apple thought this was a good opportunity to try out OS X’s automatic silent-patching mechanism. The feature has been present in OS X for at least a couple of years, but
it has ever been used. Whether this is indicative of Apple’s fairly slow-and-lazy approach to security, or just a dearth of vulnerabilities, I don’t know. Even though OS X is gaining in popularity, it still pales in comparison to Windows’ market penetration — so while Microsoft is constantly fighting to keep Windows secure, it’s relatively rare to see hackers or researchers target OS X, and thus we generally see very few security patches from Apple.Read: According to Apple PR, the security update (which is rolling out right now), “is seamless. It doesn’t even require a restart.” Apparently, when it’s your turn to receive the update, it will download and install automatically — the first you’ll know about it is a confirmation box after the patch installs, telling you it was a success. If you don’t want to wait for the automatic update, it can be manually downloaded from the Updates tab of the Mac App Store.OS X Yosemite vs. Windows 10As far as I’m aware,
has had the ability to automatically and silently install updates for a long time (probably since Windows 2000 or Vista), but it’s very rare for Microsoft to actually use it. Microsoft/Windows prefers to download the updates automatically, and then install them at the next opportune moment — usually when you’re shutting down or restarting. Installing a security update while a system in use can be quite risky: If you’re in the middle of an important task, and suddenly the system update daemon starts stealing CPU cycles and grinding the hard drive, it can be rather annoying. Presumably Apple thought the NTP vulnerability was serious enough that it warranted silent installation.Hopefully Apple didn’t automatically push the update to any OS X systems being used as servers or in an enterprise setting, though, or there might be some rather upset sysadmins tomorrow morning.Now read:
Post a Comment
This site may earn affiliate commissions from the links on this page. .
ExtremeTech Newsletter
Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our
. You may unsubscribe from the newsletter at any time.
More Articles
We have updated our PRIVACY POLICY and encourage you to read it by clicking .From Wikipedia, the free encyclopedia
A television
is an example of an engineered product that contains firmware. The firmware monitors the buttons, controls the , and processes the button presses in order to send the data in a format the receiving device, in this case, a , can understand and process. In fact, the television's mother board has a complex firmware too.
and , firmware is a
that provides the low-level control for the device's specific . Firmware can either provide a standardized operating environment for the device's more complex
(allowing more ), or, for less complex devices, act as the device's complete , performing all control, monitoring and data manipulation functions. Typical examples of devices containing firmware are , consumer appliances, computers, computer peripherals, and others. Almost all electronic devices beyond the simplest contain some firmware.
Firmware is held in
devices such as , , or . Changing the firmware of a device may rarely or never be done some firmware memory devices are permanently installed and cannot be changed after manufacture. Common reasons for updating firmware include fixing bugs or adding features to the device. This may require ROM
to be physically replaced, or flash memory to be reprogrammed through a special procedure. Firmware such as the
of a personal computer may contain only elementary basic functions of a device and may only provide services to higher-level software. Firmware such as the program of an embedded system may be the only program that will run on the system and provide all of its functions.
Before the inclusion of integrated circuits, other firmware devices included a
semiconductor . The
had firmware consisting of a specially manufactured
plane, called "", where data was stored by physically threading wires through (1) or around (0) the core storing each data bit.
Ascher Opler coined the term "firmware" in a 1967
article. Originally, it meant the contents of a writable
(a small specialized high speed memory), containing
that defined and implemented the computer's , and that could be reloaded to specialize or modify the instructions that the
(CPU) could execute. As originally used, firmware contrasted with hardware (the CPU itself) and software (normal instructions executing on a CPU). It was not composed of CPU machine instructions, but of lower-level microcode involved in the implementation of machine instructions. It existed on the boundary between h thus the name "firmware". Over time, popular usage extended the word "firmware" to denote any computer program that is tightly linked to hardware, including processor machine instructions for , , or the control systems for simple
such as a , , or .
firmware on a
In some respects, the various firmware components are as important as the
in a working computer. However, unlike most modern operating systems, firmware rarely has a well-evolved automatic mechanism of updating itself to fix any functionality issues detected after shipping the unit.
The BIOS may be "manually" updated by a user, using a small utility program. In contrast, firmware in storage devices (harddisks, DVD drives, flash storage) rarely gets updated, even when flash (rather than ROM) storage is u there are no standardized mechanisms for detecting or updating firmware versions.
Most computer peripherals are themselves special-purpose computers. Devices such as printers, scanners, cameras and
have intern some devices may also permit field upgrading of their firmware.
Some low-cost peripherals no longer contain non-volatile memory for firmware, and instead rely on the host system to transfer the device control program from a disk file or CD.
As of 2010, most
support firmware upgrades. Some companies use firmware updates to add new playable file formats (codecs);
playback support this way, for instance. Other features that may change with firmware updates include the GUI or even the battery life. Most
firmware upgrade capability for m some may even be upgraded to enhance reception or sound quality, illustrating the fact that firmware is used at more than one level in complex products (in a CPU-like
versus in a , in this particular case).
Since 1996, most
have employed an on-board computer and various sensors to detect mechanical problems. As of 2010, modern vehicles also employ computer-controlled
(ABS) and computer-operated
(TCUs). The driver can also get in-dash information while driving in this manner, such as real-time fuel economy and tire pressure readings. Local dealers can update most vehicle firmware.
Examples of firmware include:
In consumer products:
Timing and control systems for
Controlling sound and video attributes, as well as the channel list, in modern
chips used in the Eventide H-3000 series of digital music processors
In computers:
found in IBM-compatible personal computers
The -compliant firmware used on
systems, Intel-based computers from , and many Intel desktop computer motherboards
, used in -based computers from
and , -based computers from Apple, and computers from
, used in computers from
, used in the
line of computers (, hardware init +
of peripherals, , etc.)
(Run-Time Abstraction Services), used in computers from
router distribution based on the
firewall/router distribution based on the
an open-source firewall/router distribution based on the Linux kernel
an open-source firewall/router distribution based on the Linux kernel
an embedded firewall distribution of
an open-source NAS operating system based on FreeBSD 9.1
an open-source NAS operating system based on the Linux kernel
Flashing involves the overwriting of existing firmware or data, contained in
modules present in an electronic device, with new data. This can be done to upgrade a device or to change the
of a service associated with the function of the device, such as changing from one mobile phone service provider to another or installing a new operating system. If firmware is upgradable, it is often done via a program from the provider, and will often allow the old firmware to be saved before upgrading so it can be reverted to if the process fails, or if the newer version performs worse.
Sometimes, third parties create an unofficial new or modified ("aftermarket") version of firmware in order to provide new features or to unlock
this is referred to as . An example is
as a firmware replacement for . There are many
projects for video game consoles, which often unlock general-purpose computing functionality in previously limited devices (e.g., running
Firmware hacks usually take advantage of the firmware update facility on many devices to install or run themselves. Some, however, must resort to
in order to run, because the manufacturer has attempted to lock the hardware to stop it from running .
Most firmware hacks are .
The Moscow-based
discovered that a group of developers it refers to as the "" has developed
firmware modifications for various drive models, containing a
that allows data to be stored on the drive in locations that will not be erased even if the drive is formatted or wiped. Although the Kaspersky Lab report did not explicitly claim that this group is part of the United States
(NSA), evidence obtained from the code of various Equation Group software suggests that they are part of the NSA.
Researchers from the Kaspersky Lab categorized the undertakings by Equation Group as the most advanced hacking operation ever uncovered, also documenting around 500 infections caused by the Equation Group in at least 42 countries.
Security risks[]
, founder of the
, has described
firmware as a security risk, saying that "firmware on your device is the 's best friend" and calling firmware "a trojan horse of monumental proportions". He has asserted that low-quality,
firmware is a major threat to system security: "Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust –
in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies". As a potential solution to this problem, he has called for declarative firmware, which would describe "hardware linkage and dependencies" and "should not include ". Firmware should be
so that the code can be checked and verified.
Custom firmware hacks have also focused on injecting
into devices such as smartphones or . One such smartphone injection was demonstrated on the
at , a . A USB device firmware hack called BadUSB was presented at
conference, demonstrating how a
microcontroller can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user. Other security researchers have worked further on how to exploit the principles behind BadUSB, releasing at the same time the source code of hacking tools that can be used to modify the behavior of different USB devices.
It is sometimes abbreviated as "FW", which is constructed after "HW" and "SW" standing for "hardware" and "software", respectively.
. ciena.com.
from the original on 10 January .
"What is firmware?". incepator.pinzaru.ro.
Dag Spicer (August 12, 2000). . Dr. Dobbs 2012.
Opler, Ascher (January 1967). "Fourth-Generation Software". Datamation. 13 (1): 22–24.
Corbet, J Rubini, A Kroah-Hartman, Greg (2005). Linux Device Drivers. . p. 405.  .
. Tech-Faq.com.
from the original on September 27, .
. . Archived from
on April 26, .
. . February 16, 2015.
from the original on December 2, 2015.
Dan Goodin (February 2015). . .
from the original on .
. . February 17, 2015.
from the original on February 25, 2015.
Linux Magazine issue 162, May 2014, page 9
(March 17, 2014). .
from the original on March 15, 2015.
. Malcon.org. Archived from
. H-online.com. . Archived from
on 21 May 2013.
. Wired.com. .
from the original on .
. BlackHat.com.
from the original on .
Karsten N Sascha K Jakob Lell ().
(PDF). srlabs.de.
(PDF) from the original on .
. The Hacking Post - Latest hacking News & Security Updates.
from the original on 6 October .
from the original on 7 October .
on , by Karsten Nohl and Jakob Lell
(includes an analysis of feasible security exploits through firmware modifications, in eight parts)
(firmware modifications, in seven parts)
: Hidden categories: