I have an issue with my site, my website interface has now became very complex because I have a full time programmer coding the site for over year non stop. We have many third part softwares running and we have tried to update the version of PHP from 4 to version 5, it was catastrophic, many part of the site where not working,for example the soap module worked differently and other things.
I am not a programmer myself, this is why I really need an expert view about this problem, I need to have have my site very secure from all side, I am aware it is not possible to stop hackers,but at least it is possible minimise the risks of getting hacked by less people.
My question is:
If we keep PHP4 because we cannot move onto PHP5 due to website problems, is it a risk or not?
Is the last version of PHP4 be as secure as the last version of PHP5 security wise?
My nessus security scan keeps sending me alert about possible security holes in the php4 version, shall I check them as false positive?
Someone might put together an unofficial patch to fix the issue, but it'll unlikely be as timely as any security patches found for PHP5.
Sticking with PHP4 will probably bite you sometime down the line even if not immediately, e.g. if later versions of any third party software you're using start requiring PHP5 and you need to upgrade the third party software.