PHP is one of the most widely used scripting languages today. More than 78 percent of all websites that use a server-side programming language use PHP. It means that practically every website you visit uses PHP somehow or another, indicating that PHP is far from dead. And, of course, as the entire CMS is built on PHP, it plays a critical role in the WordPress ecosystem.
Many businesses, developers, and hosts have fallen behind in supporting the latest PHP versions, which is a problem we face today. Some of the numbers below may surprise you. Today, we’ll go over why everyone must use the most recent PHP versions, not only for security but also for improved performance and support.
PHP Old Versions
PHP, like every other piece of software, has a release life cycle that must be followed in order to keep moving ahead and improving. Each major PHP release is normally supported for two years after it is released. Bugs and security issues are repaired and patched on a regular basis during this time.
PHP 5.6, 7.0, 7.1, and 7.2 End of Life
End-of-life versions will no longer receive security updates and may be vulnerable to unpatched security vulnerabilities.
- PHP 7.2 is no longer supported as of November 30, 2020.
- PHP 7.1 is no longer supported as of December 1st, 2019.
- PHP 7.0 is no longer supported as of December 3rd, 2018.
- PHP 5.6 reached its end of life on December 31st, 2018.Since the initial version, 5.0, was released 14 years ago, this formally marks the end of an era for PHP 5.
As of this writing, over 35% of WordPress users are still on PHP 5.6 or below. When you add in PHP 7.0 and 7.1, you get a stunning 64% of customers utilizing PHP versions that are no longer supported as of December 2019. It’s very frightening when you look at the statistics outside of the WordPress community. PHP 5 is now utilized by 55.8% of all websites that employ PHP, according to W3Techs.
This is dangerous not only from a security standpoint, but also because a big number of WordPress sites are still not taking advantage of PHP 7’s further performance improvements.
Why is it so difficult to adopt newer versions?
The main cause for the slow acceptance of new versions is most likely due to a combination of factors:
- The most common reason we find new clients migrating to another company is that the owners are unaware of or unconcerned about their PHP version. It is understandable in some circumstances because we don’t expect everyone to be aware of the situation. It is frequently the developer’s, agency’s, or host’s obligation.
- For developers, updating their code to support newer PHP versions takes time. This covers folks who create websites, themes, and plugins, among other things. Updating code takes time and effort, but it might also necessitate rigorous testing to ensure compatibility. There are almost 49,000 plugins in the WordPress repository alone!
- Many WordPress providers have been hesitant to push out upgraded PHP versions, fearing that breaking a site will result in more support tickets. We understand this as a WordPress host, but from our experience, it’s usually the opposite way around. Many of the support issues we have are caused by issues with earlier PHP versions.
- When working with a client and other third-party programs they are unwilling to update, the developer or agency may find themselves between a rock and a hard place.
Despite this, running on PHP versions that are out of date, unsupported, and potentially slowing down your WordPress site is not an acceptable justification.
Why Should You Update Your PHP Versions?
Check out some of the reasons why, if you haven’t already, you should consider updating.
One of the most significant reasons to update PHP is to ensure that you’re running on a properly supported version and regularly get security patches. Since 2015, PHP 5.4 has not been patched. Since 2016, PHP 5.5 has not been patched. However, it’s worth noting that certain operating system makers continue to support previous versions of PHP, provided they include it.
2016 was one of the worst years for PHP security vulnerabilities, according to CVE Details, with over 100 concerns disclosed. DoS, code execution, overflow, memory corruption, XSS, directory traversal, bypass, and obtaining information were several forms of chevalier attacks. With almost 40 vulnerabilities, 2017 was the third-worst year since 2,000.
Huge performance advancements happened with PHP 7.2, 7.3, 7.4, and 8.0! It’s so important that it should take precedence over many of the little tweaks you could make to your WordPress site. The following benchmarks show that PHP 7 has significantly improved performance over prior versions. In comparison to PHP 5.6, PHP 7 allows the system to perform twice as many requests per second with nearly half the latency.
We also conducted our PHP tests. Similar to the previous benchmarks, PHP 7.3 could process nearly three times as many transactions (requests) per second as PHP 5.6. PHP 7.3 is also 9 percent faster than PHP 7.2 on average.
- WordPress 5.0 PHP 5.6 benchmark: 91.64 req/sec
- WordPress 5.0 PHP 7.0 benchmark results: 206.71 req/sec
- WordPress 5.0 PHP 7.1 benchmark results: 210.98 req/sec
- WordPress 5.0 PHP 7.2 benchmark results: 229.18 req/sec
- WordPress 5.0 PHP 7.3 benchmark results: 253.20 req/sec
Another reason to utilize the most recent and supported PHP versions is for support. Many times, plugin and theme creators can only provide support for outdated versions of their products. It is partly due to scheduling restrictions and a lack of opportunity to evaluate compatibility. Things will eventually break when you run ancient versions of WordPress, as you can see in the WordPress forums. Here’s an example of a common problem created by an earlier PHP version and how it handles a certain function:
Parse error: syntax error, unexpected ‘’ (T_VARIABLE), expecting function (T_FUNCTION) in /pub/file.php on line xxx
If you search the WordPress forums for “unexpected T Function,” you’ll find over 2,000 results, many of which are within the previous few days. Here are a few recent examples, all of which were caused by using outdated PHP versions:
- Hustle Plugin
- Content Locker Plugin
- Insert Headers and Footers plugin
Many of these threads are being started because they are running on outdated PHP versions. However, due to PHP 7 compatibility difficulties, the same might be stated for threads that are open. This demonstrates that the WordPress development community is still catching up with newer PHP versions.
New Features for Developers
Because there have been so many new features added between PHP 5.2 and PHP 7.4, most WordPress developers would like to solely work on newer versions of PHP if they could. The following are some of the changes in PHP 7 and 7.3:
- HTTP/2 server push
- Spread operator in array expression
- Arrow functions 2.0 (short closures)
- Null coalescing assignment operator
- Typed properties 2.0
- Weak references
- Combined comparison operator
- Null coalesce operator
- New type hinting
- Anonymous classes
- Nullable types
- Iterable and void returns
- Multi-catch exception handling
- Keys usable in lists
- More negative string offsets
- Number operators and malformed numbers
- Covariant returns and contravariant parameters
- New custom object serialization mechanism
Supporting ancient versions of anything is not pleasant. Unfortunately, many developers are forced to support a diverse set of versions.
If you haven’t already, now is the time to consider upgrading to PHP 8.0. Not only do you want to run on supported software, but you’ll also see performance improvements! We strongly advise you to look for new hosting if your current WordPress server does not currently support PHP 8.0. The same goes for themes and plugins. We have to move with the latest version of PHP to avail new features like security, performance, and reliability.