Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Study Shows Millions Of Apache Websites Not Up To Date

By - Source: Toms IT Pro

Netcraft recently conducted a study on Apache web servers and found that only 1% of Apache websites are using the latest major release, Apache 2.4. The project has been regularly rolling out new versions since 1995, however, that doesn't necessarily mean all Apache users are keeping their servers up to date.

Apache has been the most popular web server choice for almost two decades. Although the open source server has seen a recent decline in use, according to a Netcraft survey, Apache is still used by 50% of the top one million websites and by 38% of websites in general.

According to the study, the most popular release by far is Apache 2.2, with version 2.2.22 taking the top spot by a margin of more than 15 million websites. In the release notes of version 2.2.26 Apache had this to say, "We consider the Apache HTTP Server 2.4 release to be the best version of Apache available, and encourage users of 2.2 and all prior versions to upgrade."

However, you can't always judge a web server by its version number. For instance, the Red Hat Linux OS utilizes backporting. Backporting is the patching of software through selectively applying certain fixes taken from new versions of the same software. In addition, it is possible to simply remove problematic modules from use on a web server.

There are still downsides to sticking to older versions of web servers though. According to Netcraft, "exhibiting an apparently-vulnerable version number can still have its downsides, even if there are no vulnerabilities to exploit -- as well as attracting unwarranted criticism from observers who falsely believe that the server is insecure, it could also attract undesirable scrutiny from hackers who might stumble upon different vulnerabilities instead."

Some websites opt to hide version information altogether, such as and This is a possible solution for the unwanted attention, but in the end it is far from a fully secure, up-to-date web server.