Why Your Site Should Be On A Supported Version of PHP

September 26, 2019

Here’s a nice stat for you to throw out at your next cocktail party: PHP is used by over 79% of all the websites that use a server-side programming language.

Yep, that’ll impress them. Just kidding. Don’t do that.

Anyway, PHP is far from dead and used by almost 8 out of 10 websites you visit. It’s what is behind WordPress, Craft, ExpressionEngine, Drupal, and many, many other CMS platforms. And just like all software, there comes a time when a particular version of PHP must come to an end. (Don’t ask me why, I’m just the messenger.) Unfortunately, people have fallen behind when it comes to supporting the latest PHP version(s). That includes website owners, businesses, developers, and yes, even web hosts.

The most current version of PHP is 7.3 with 7.2 still being supported for well over a year, and 7.1 having support until December of 2019. But, [according to W3Techs] (and as of this writing), PHP 5 is currently used by just over 60% of all websites that use PHP.

Percentages of websites using PHP

Folks, PHP 5 reached end of life in 2016! In case you’re wondering, End of Life means that that version no longer has security support, which means that it could be exposed to unpatched security vulnerabilities. And we wonder how sites get hacked. 🤔

Older PHP versions and why adoption of newer versions is slow

Software generally has a release life cycle that it adheres to in order to continue making improvements and moving things forward. PHP is no different. Each major version is supported for roughly two years after its release. During those two years, security issues, bugs, and other vulnerabilities are fixed on a regular basis.

Supported PHP versions timeline, from php.net

Seems pretty clear, right? So why is adoption of newer PHP versions so slow? Well, there are a few reasons.

1. Site owner ignorance or indifference
For most site owners, they either don’t know or they don’t care. All that matters to them is the their website is working and looks good. And you know what? That’s totally fair. I’m a big believer that it’s not up to website owners, especially if they’re not very technically inclined, to know even a fraction of what we developers know. At least not in detail; basics and general concepts is plenty. It’s up to developers and web hosts to help move site owners forward.

2. Time consuming for developers
Any time a new version of PHP is released (or about to be released), developers have to update their already-written code, as well as potentially write new code to take advantage of new functionality. That all requires extensive testing to make sure its compatible. All of that adds up to a lot of time, particularly with support.

3. Web hosts don’t want to break sites
As a web host myself, I hate to say this but web hosting providers are a big part of the problem. I get it though - web hosts don’t want to cause their customers’ sites to break. And for the big hosting companies with thousands of customers, that’s a massive risk. So they sit on older versions of PHP and don’t encourage users to upgrade, all the while creating a massive vulnerability in their own servers.

Although I think these are all valid reasons, they’re still not quite good enough to run on older PHP versions that are not supported and could actually be slowing your website down.

Why you should update PHP versions

There are three key reasons that you should be running on a supported version of PHP.

1. Security
The fact is, only current, non-end-of-life versions of PHP get security updates. Running older versions of PHP leaves your site vulnerable. Even the folks behind PHP have this to say:

PHP, like any other large system, is under constant scrutiny and improvement. Each new version will often include both major and minor changes to enhance security and repair any flaws, configuration mishaps, and other issues that will affect the overall security and stability of your system. Like other system-level scripting languages and programs, the best approach is to update often, and maintain awareness of the latest versions and their changes.

PHP, Keeping Current

2. Speed & performance
Pretty much everyone wants a faster site. As technology improves, our patience grows thinner when it comes to website loading. PHP 7.2 and 7.3 have big performance gains.

Take a look at this benchmark performed this summer by WordPress web host, Kinsta:

Image by Kinsta

That benchmark is running WordPress 5.0.2, but the gains in newer versions of PHP are clear:

  • PHP 5.6: 88.62 requests per second
  • PHP 7.0: 205.06 req/sec
  • PHP 7.1: 207.34 req/sec
  • PHP 7.2: 219.01 req/sec
  • PHP 7.3: 241.27 req/sec

Again, that’s running WordPress. Does that make a difference? Maybe – I honestly am not sure. But it could. Regardless of CMS, the improvements in speed will be similar when running a newer version of PHP. In fact, this is the first change that should be made when looking to optimize your website’s performance.

3. Support & compatibility
Like pretty much any software, developers will (and should) only support older versions for a certain amount of time. The fact is, actively supporting old software (that can be years old) and making sure it’s backward compatible is costly, primarily in terms of time. It’s far more effective and efficient for developers and users to move forward. It means less time with vulnerabilities (assuming you upgrade) and also new features, security enhancements, and performance boosts. Supporting older versions of PHP can simply hold developers back.

Checking which PHP version you’re on

Convinced? So now you’re probably wondering how to update your PHP version, right? Well, let’s find out what version you’re currently on to begin with.

If you’re running a CMS, chances are you can check in there.

  • Craft: if you have it available, head to Utilities > System Report. The PHP version is the first line under Application Info.
  • ExpressionEngine: you’ll need access to the Developer area, but in it, click on PHP Info in the left sidebar and it’ll open up the PHP information page in a new browser tab where the PHP version is listed at the very top.
  • WordPress: head to the “Site Health” tool and you’ll be able to see the PHP version.

If that doesn’t help, there are two other ways.

  • cPanel: if your host uses cPanel, simply login to your cPanel account. Assuming you’re on a relatively current version, in the right sidebar under General Information, click on Server Information. On the next page you’ll see the version of PHP you’re running.
  • Ask your web host. They’ll be able to tell you pretty quickly (or I would hope so)

What can Block 81 do to help?

If your website is hosted through me at Blockwire, you’re pretty much set. I phase out old PHP versions on a regular basis. We’re currently running PHP 7.1 and will be updating to 7.2 server-wide later this year and a likely move to 7.3 in mid to late 2020. That said, if you are a Blockwire hosting customer and want to move up to 7.2 sooner or get moved onto 7.3 right now, open a ticket and we’ll get that taken care of!

If your website is hosted elsewhere, I can definitely help evaluate your site and determine which version of PHP you can potentially run given your CMS or other considerations. That might mean a new web host. If that’s the case, I can help move your site with minimal to no downtime.

Ready to make the switch?

Hopefully I’ve provided enough information to convince you to upgrade to PHP 7.2 or 7.3. Your website will be better off for it – you’ll get immediate performance gains and your website will be less vulnerable security-wise.

If you’re still unsure or have questions, please don’t be shy – reach out and let’s have a chat. I’m happy to help even if it’s just to answer questions.