After my Website was up, I got unserialize() errors

Username (e.g. epiz_XXX) or Website URL

Error Message

Warning : unserialize() has been disabled for security reasons in /home/vol8_3/ on line 76

Other Information

Before the Issues with the Website was on error 502 bad gateway, it was running fine on php 5.6, but after it was up, I got errors.

Last year when this happened I changed php version from 5.4 to 5.6 and it was fine.

You tried 7.4?


My Website do not support versions over php 7

That could be an issue. You may need to change some stuff so that it works, or do it a different way.

Ooof, then I need to change alot, I have like 2000 files just for the system :sweat_smile:
But can try

Do you know if serialize is still supported? Or is both disabled?

1 Like

I did some looking for you, this is what I found:

It stopped working because we found out that there was a big security hole in the PHP unserialize function. The fix for this issue was created after PHP 5.6 was end of life, so no patch was created for these older PHP versions.
We upgraded to PHP 7.4 to fix this issue in the PHP 7.x version we offer. However, no such fix exists for older PHP versions, which is why disabling this function is our only option.
So you have a few options here:

  • Make your software work with PHP 7.4, or migrate to software which does work with PHP 7 already.
  • Edit your software so it doesn’t use the unserialize function anymore.
  • Switch to premium hosting, which uses HardenedPHP and other security systems which means the unserialize function doesn’t need to be disabled there.

It is disabled on a php version to prevent a dangerous security risk, you should use +PHP 7 for your app.

I cannot find anything on the “serialize” function. It looks like the “unserialize” function works if you are using PHP 7+. I recommend always having the later version of PHP installed for your site, so unless something prevents the upgrading of PHP, I see no reason not to upgrade to 7+ (You can upgrade it in the control panel under “PHP Level”).

In your situation, you would either have to upgrade to PHP 7+ and replace the script that would break, or make your site work without the use of the unserialize function.

You do have one more choice, which is to upgrade to premium, where, due to all of the added security, PHP Unserialize can be used on all PHP levels without restrictions.

Hope this is helpful!


Thank you for the response, I will look into the options.

1 Like

I mean your answer is in the error. It’s been disabled.

However, if the post mentioned by @Greenreader9 is correct, changing your PHP Version to 7+ should fix your issue.


Supposedly the script he is running does not allow PHP 7+. There were about 3-4 topics about the 7+ thing, and it was Admin who’s answer I quoted. I hope it’s right :slight_smile:

You’re correct @Greenreader9! The particular PHP vulnerability was related to the unserialize function, the serialize function is not affected.

The best thing to do right now @Pilot_Dan is to try and get your website to work on PHP 7. Perhaps your existing website can be updated to work with PHP 7, perhaps you may need to choose different website software that is still being maintained.

We still offer some PHP 5 versions now, but this won’t last forever. If you don’t update your website, you can expect more things to break down or your website to stop working entirely.


Thanks for the answer. It’s still Odd that I experience the error now, but I’ve started a new project to make a new version as most of the code is from 2012. So just a new project to fully support php 7.4 is my new mission. Thank you!


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.