diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index f8ee8ad61..b4ef0c481 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -18,7 +18,11 @@ run ownCloud Server on Apache2 on a Linux environment. Limit on Password Length ------------------------ -ownCloud uses the bcrypt algorithm and thus for security and performance reasons, e.g. Denial of Service as CPU demand increases exponentially, it only verifies the first 72 characters of passwords. This applies to all passwords that you use in ownCloud: user passwords, passwords on link shares, and passwords on external shares. +ownCloud uses the bcrypt algorithm and thus for security and performance reasons, +e.g. Denial of Service as CPU demand increases exponentially, it only verifies +the first 72 characters of passwords. This applies to all passwords that you use +in ownCloud: user passwords, passwords on link shares, and passwords on external +shares. Operating system ---------------- @@ -43,6 +47,17 @@ It is highly recommend to enable hardening modules such as SELinux where possible. See :doc:`../installation/selinux_configuration` to learn more about SELinux. +Use newest PHP version +********************** +Some security features and hardenings in PHP are only available in the latest +PHP release and thus it is recommended to run the latest PHP version. You can +find the latest version on http://php.net/. + +While distributions are trying to backport security patches there have been +quite some cases where some has been missed or only backported after a long +period of time, sometimes up to a few years. Also all security hardenings +are usually not backported. + Deployment ----------
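Review bot: In the first hunk (Limit on Password Length), the re-wrapped paragraph still says only the first 72 "characters" are verified because "CPU demand increases exponentially", and both statements should be corrected while this text is being touched. bcrypt's input limit is 72 bytes, so a password containing multi-byte UTF-8 characters is cut off at fewer than 72 characters, and the exponential growth in bcrypt comes from the cost factor, not from password length. Suggest wording along the lines of "bcrypt only uses the first 72 bytes of a password" and rephrasing or dropping the Denial of Service clause. It would also help admins to state the practical consequence: two passwords that share their first 72 bytes are treated as the same password.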
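Review bot: In the second hunk (new "Use newest PHP version" section), "it is recommended to run the latest PHP version" should be qualified as the latest PHP version that the installed ownCloud release supports, since an admin following it literally may install a PHP release the server has not been tested with. The link in a hardening guide should be https://php.net/ rather than http://php.net/. The second paragraph needs a grammar pass: "quite some cases where some has been missed" could read "a number of cases where a patch was missed or backported only after a long time", and "Also all security hardenings are usually not backported" could read "security hardening features are usually not backported at all". The heading would read better as "Use the newest PHP version", with the underline lengthened to match.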