PHP is one of the most popular scripting languages on the web today. According to W3Techs, PHP is used by over 78% of all the websites that use a server-side programming language. This means for almost every 8 out of 10 websites you visit, they are most likely utilizing PHP in some form or another which also means that PHP is not dead. And of course, it plays a very vital role as it pertains to the WordPress ecosystem, as the entire CMS is built on PHP.
Need to quickly check your PHP version? Create a phpinfo page.
A dilemma we are facing today is that many businesses, developers, and hosts have fallen behind when it comes to supporting the latest PHP versions. Some of the statistics below might even shock you. Today we want to discuss some of the reasons why it is so important that everyone uses the latest PHP versions, not only for security reasons but also for better performance and support.
As with any piece of software, PHP has a release life cycle in which has to adhere to in order to keep pushing things forward and making improvements. Each major release of PHP is typically fully supported for two years after its release. During that time, bugs and security issues are fixed and patched on a regular basis.
End of life means these versions will no longer have security support and could be exposed to unpatched security vulnerabilities.
According to the official WordPress Stats page, as of writing this, over 35% of WordPress users are still on PHP 5.6 or lower. If you combine this with PHP 7.0 and 7.1, a whopping 64% of users are currently using PHP versions that are no longer supported as of December 2019.
It’s even scarier if you look at the stats outside of the WordPress community. According to W3Techs, PHP 5 is currently used by 55.8% of all websites that use PHP.
The main reason for the lack of faster adoption for new versions most likely comes down a few different factors:
However, with all that being said, it is still not an excuse to run on PHP versions that are out of date, not supported, and actually could be slowing your WordPress site down. The good news is that there is some progress being made. Jordi Boggiano, co-founder of Private Packagist, puts together a report each year on PHP usage statistics. And as you can see below, there is some movement forward. This is of course just a sample subset of Composer installs, but still interesting to see the changes.
Check out some of the reasons below why you should think about updating if you haven’t already.
One of the most important reasons to update PHP is to ensure you are running on a version that is fully supported and patched regularly for security vulnerabilities. PHP 5.4 has not been patched since 2015. And PHP 5.5 has not been patched since 2016. It is important to note though, that some operating system vendors still update older versions of PHP if they included it.
According to CVE Details, 2016 was one of the worst years for PHP security vulnerabilities, with over 100 issues reported. These included DoS, code execution, overflow, memory corruption, XSS, directory traversal, bypass, and gain information types. 2017 was the third-worst year since 2,000, with over 40 vulnerabilities.
Even PHP themselves give some feedback about staying current:
PHP, like any other large system, is under constant scrutiny and improvement. Each new version will often include both major and minor changes to enhance security and repair any flaws, configuration mishaps, and other issues that will affect the overall security and stability of your system. Like other system-level scripting languages and programs, the best approach is to update often, and maintain awareness of the latest versions and their changes. PHP, Keeping Current
With the release of PHP 7.2, 7.3, and 7.4 came huge performance gains! So big in fact, that it should be a priority over a lot of the small optimizations you might playing around with on your WordPress site. The following benchmarks demonstrate significant performance improvements with PHP 7 over its previous iterations. PHP 7 allows the system to execute twice as many requests per second in comparison with the PHP 5.6, at almost half of the latency.
We also ran our own PHP benchmarks. And similarly to the benchmarks above, we saw that PHP 7.3 could execute almost three times as many transactions (requests) per second as compared to PHP 5.6. PHP 7.3 is also on average 9% faster than PHP 7.2.
Support is another reason why you want to use the latest and supported PHP versions. Many times, developers of plugins and themes can only extend support back for older versions so far. A lof this is due to time constraints and not having time to test compatibility. Things will eventually break when you run on old versions, and you can see this happening first hand in the WordPress forums. Here is a common error, which is typically caused by an older PHP version and how it treats a certain function:
You can do a search in the WordPress forums for “unexpected T_Function” and it returns over 2,000 threads, many with results from within the last couple days. Here are just a couple recent ones, all due to running old versions of PHP:
Many of these threads are being opened due to the fact that they are running on outdated versions of PHP. However, the same could also be said for threads being open due to PHP 7 compatibility issues. Which shows that the WordPress development community is still trying to catch up with newer versions of PHP.
Most WordPress developers would prefer to only work on newer versions of PHP if they could, simply due to the fact that there have been so many new features added between PHP 5.2 and PHP 7.4. A few changes with PHP 7 and 7.3 include:
It’s no fun to support old versions of anything. Unfortunately, a lot of developers are stuck having to support a wide range of versions.
It took a while, but the official WordPress.org requirements now recommend a host running PHP version 7.3 or greater.
Yoast just recently published a great article called “Whipping Your Host Into Shape.” In the article, Joost de Valk goes into detail about how the real issue is that hosting providers aren’t adopting this faster, and even if they are, they aren’t encouraging users to upgrade. And Yoast is going to do something about it. As of Yoast SEO 4.5, they are going to start showing a notice on the WordPress dashboard for sites running on PHP 5.2. This notice will be big, ugly, and non-dismissible.
If we could give Yoast a high five, we totally would! Kinsta has supported the latest stable versions of PHP 7.2, 7.3, and 7.4 ever since their stable releases.
In fact, every fresh WordPress install here at Kinsta defaults to PHP 7.3. And PHP 7.2 is the minimum version we currently allow in our environment.
We are dedicated to running the fastest and most secure environment on the market and that means that we need to make sure all sites are using technologies that are actively receiving security updates.
Check out our in-depth guide with step by steps instructions on how to safely update PHP on your WordPress site.
Perhaps you don’t know what version of PHP your WordPress site is currently on. Check out these different ways below to find out.
One of the easiest ways to check to see which version of PHP you are running is to use a tool like Pingdom or Google Chrome Devtools. The first HTTP request header will typically show you the version.
This relies on the host not modifying the X-Powered-By header value. Some might strip this due to security concerns. If they do, you might not see your PHP version, in which case you would need to use one of the other options below. Or you can always reach out to your host and ask.
If you’re running WordPress 5.0 or above, you can see the PHP version under the “Site Health” tool.
You can also check your PHP version by uploading a file via FTP to your server.
We realize there are still thousands of WordPress sites out there that are incompatible with newer PHP versions, whether it be due to an old plugin or theme. The challenge is for the less tech-savvy users or those without a budget, what is the best course of action? We run into this all the time with clients who migrate to Kinsta and as PHP versions reach their EOL.
Here are some recommendations:
Ready to update? Great, but one of the very first things you should do is test your site to ensure compatibility. You could test your WordPress site locally or better yet, utilize a staging environment, as this will more closely resemble a live production site. It’s better to be safe than sorry!
If you are a Kinsta customer you can easily create a staging environment with a single click. Change the PHP version from the dashboard and start testing away.
And remember, if you are upgrading from an old version of PHP, ensure you are also upgrading your WordPress installation as well. A new version of PHP with a 2-year-old version of WordPress probably won’t end well. Once you have tested your site and are ready to update PHP, here are some resources to get you up and going fast.
Check out our in-depth guide with step by steps instructions on how to safely update PHP on your WordPress site.
If you are a Kinsta customer, you can easily change the version of PHP by clicking into your site, going to “Tools,” and selecting a different PHP Engine. We currently have PHP 7.2, 7.3, and 7.4 available. Note: We published the phase-out dates for PHP 5.6 through 7.1 above.
At Kinsta, our PHP configuration includes a custom self-healing feature. This means your site’s PHP engine will automatically restart if it goes down. In the case that the automatic PHP restart is unsuccessful, our monitoring system will alert our sysadmin team to investigate the issue.
If your host uses cPanel they most likely already have an option available to you to change your version of PHP. Simply login to cPanel and under the “Software” category click on “Select PHP Version.”
If you manage your own server, we recommend checking out the official PHP installation documentation as instructions will vary per operating system. You’ll want to look at the changes with functions, classes, wrappers, extensions, modules, etc.
Now is the time to think about upgrading to PHP 7.4 if you haven’t already. Not only because you want to be running on supported software, but you are guaranteed performance benefits! If your current WordPress host doesn’t support PHP 7.4 yet, we strongly encourage you to seek out new hosting. And likewise with themes and plugins. If the developer has yet to release a patch, it might be time to find an alternative.
Have you recently migrated to PHP 7? We would love to hear your thoughts below. Was it an easy transition? Or perhaps you are still stuck waiting on a 3rd party.
If you enjoyed this article, then you’ll love Kinsta’s WordPress hosting platform. Turbocharge your website and get 24/7 support from our veteran WordPress team. Our Google Cloud powered infrastructure focuses on auto-scaling, performance, and security. Let us show you the Kinsta difference!