The time has come to update your PHP version on your WordPress website.
Currently, WordPress recommends that you use PHP version 7.4 or above. However, on November 28, 2022 security support for 7.4 is set to retire.
It is important that you update your PHP version to 8.0 or above – not only to maintain active and security support but to take advantage of the performance enhancements of the latest versions.
Using an older version of PHP after November 28 will expose your website to security vulnerabilities.
Timeline of PHP Versions
To maintain your PHP instance with the latest features and security capabilities, it’s important to keep track of release lifecycles.
Generally, each PHP release tends to be fully supported for 2 years. In the meantime, the inevitable search for bugs and security issues are identified and patched.
All versions of PHP up to 7.3 have reached their end of life, meaning that new releases no longer support these versions. This means that users may be exposed to unpatched security vulnerabilities.
As for PHP 7.4, any new releases can only support critical security fixes. Even then, PHP 7.4 is reaching the end of life, which is set for November 28, 2022.
There are currently two versions of PHP with active support, PHP 8.0 and PHP 8.1 – although active support for PHP 8.0 will end on November 26, 2022.
What’s Behind the Slow Adoption of New PHP Versions?
Multiple reasons explain the slow adoption of new PHP versions, which include:
1. Lack of awareness or concern. Businesses don’t know or are not concerned about what PHP version they are using. Having said that, not many businesses have direct control over updating their PHP, with this responsibility in the hands of developers, agencies, or hosts.
2. Time investment. It may take time to update code that supports newer PHP versions, for example, developers working on website themes and plugins. In addition, it can take a lot of time due to extensive testing to secure compatibility.
3. Potential issues. When it comes to WordPress, some hosts seem reluctant to keep up to date with the latest versions of PHP because of the possibility of additional support tickets that it could generate if it breaks the website.
The decision – conscious or not – to run on outdated PHP is exposing websites to security vulnerabilities and most likely slowing down speed and performance.
Why Update your PHP Version?
Websites should be run on updated PHP versions for several reasons:
- Ensure security. Perhaps the most important reason to update your PHP version is to make sure that it’s fully supported and can be regularly patched when it comes to security vulnerabilities.
- The two most used PHP versions currently operating are 5.5 (22.7%) and 5.4 (23.1%). That is problematic because PHP 5.4 hasn’t been patched for 7 years and PHP 5.5 for 6 years.
- Some of the security issues include memory corruption, XSS, DoS, code execution, overflow, and directory traversal bypass.
- Improve performance. Every PHP release brings performance gains for websites. When it comes to analyzing a website and improving performance, prioritize updating to the latest version of PHP.
You can see the performance improvements with each new version of PHP – spanning from 5.6 to 8.1. There is a continuous gain in requests per second (req/sec), meaning the number of requests processed each second. At the same time, there is a continual improvement in response time.
PHP 7.0, for example, can execute twice as many requests per second when you compare it to PHP 5.6 – also with half the latency. These are clear performance gains. Even between the two latest versions, PHP 8.1 has shown to perform 8.5% more requests per second than PHP 8.0.
- Receive support. Another crucial reason to maintain the latest versions of PHP is that you will receive full support. Unfortunately, software developers working on websites, themes, and plugins can only take support so far when it comes to older PHP versions.
This is mostly due to not having sufficient time to test compatibility. At some point, the software going to break down – particularly when running an old PHP version.
- Take advantage of features. With every new PHP version come new features. This is what you get with PHP 8.1:
1. Inheritance cache (avoid relinking classes in each request)
2. Fast class name resolution (avoid lowercasing and hash lookup)
3. timelib and ext/date performance improvements
4. SPL file-system iterators improvements
5. serialize/unserialize optimizations
6. Some internal functions optimization (get_declared_classes(), explode(), strtr(), strnatcmp(), dechex())
7. JIT improvements and fixes, including a JIT backend for ARM64 (AArch64)
How to Check your Current PHP Version
We recommend that you determine the PHP version that your website is currently run on. Here is how:
- Check your hosting panel. Within every hosting panel, whether it be cPanel, Plesk, Webmin, or hPanel, you’ll be able to check your current PHP version and select which version to run on.
Take, for example, cPanel. Inside the hosting panel, under the Software section, you will find an option for Select PHP Version.
- Check on WordPress. If you’re running your website on WordPress 5.0 or above, you’ll be able to identify which PHP version you have under the Site Health tool.
Go to Tools – Site Health – Info – Server
- Use an online tool. Tools like Pingdom or Google Chrome DevTools can show which PHP version you’re using. On the analytics page, you’ll be able to see the running version under the first HTTP request header. However, this is only accurate if the header value ‘X-Powered-By’ has not been modified. There are reasons for hosts to get rid of this – such as security concerns.
If this is the case, get in touch with the host of your website.
- Upload a file to your server. Create a blank file called phpinfo.php. then paste this:
echo 'Current PHP version: ' . phpversion();
Let us Do the Heavy Lifting
We ensure that all of our clients’ websites are up to date with their scripting languages, including PHP. We are currently engaging with our clients and working with each of them to update their PHP.
Core to our strategy and migration process is transparency. We maintain constant and open communication with our clients, including when it comes to software updates.
When we update PHP versions, we follow our code preparations, ensuring that the new version is fully tested before going live, and checking if any compatibility issues need to be addressed before being updated.
If you need a PHP upgrade, get in touch with us!
Update your PHP Version Manually
There are clear migration guides on the official PHP installation documentation. If direct control over updates is in the hands of a host, agency, or developer, then get in touch with them. If you’re able to update your PHP version yourself, here are the latest guides:
Migrating from PHP 8.0.x to PHP 8.1.x
Migrating from PHP 7.4.x to PHP 8.0.x
Background on PHP
PHP is the scripting language core to web development. According to W3Techs’ data, it is used by 77.3% of all websites.
With its huge popularity, PHP is to scripting language what WordPress is to content management systems.
In fact, WordPress is entirely built on PHP.
With such a broad digital presence, it’s critical that businesses, developers, and hosts regularly update to the latest PHP version not only for security reasons but for improving site performance and support.
Alarmingly, the data shows that it is only a minority that is maintaining the latest PHP version. The latest version of PHP is 8.1, which was released in November 2021. However, W3Techs found that 55.8% of all websites using PHP are still using PHP 5 – which was released in 2004!
Within the WordPress ecosystem, 35% of websites continue to be built on PHP 5.6 or lower. And when you move up to PHP 7.1, a surprising 64% of websites are built on PHP versions that are no longer supported.
And that is both a problem in terms of security issues and a lost opportunity to take advantage of the enhanced performance benefits of the latest versions of PHP.
If you haven’t yet managed to update your PHP version, now is the time. The alternative is to run the risk of security vulnerabilities as well as miss out on improvements in overall website performance.