PHP is used by over 78% of all the websites that use a server-side programming language, making it one of the most popular scripting languages utilized on the web. Its range of functionalities, open-source nature, and tremendous online support has made PHP a perennial favorite among website developers worldwide.
As with any piece of software, PHP has a release life cycle in order to keep pushing things forward and making improvements. Each major release of PHP is typically fully supported for two years after its release. During that time, bugs and security issues are fixed and patched on a regular basis.
There are currently 3 supported versions of PHP:
Current PHP versions as of 1/29/2021.
End of life (EOL) means these previous versions no longer have security support and could be exposed to unpatched security vulnerabilities.
Unsupported PHP branches as of 1/29/2021.
We recently upgraded our servers with newer hardware and updated software to make them faster, more reliable, and more secure. In the process, we reviewed all of our currently hosted sites and noticed that an astonishingly high number (60%) are still using outdated versions of PHP. A large number going all the way back to PHP 5.3 which reached its EOL in August of 2014!
Obviously, as long as the server software supports those versions of PHP the sites will continue to function, albeit without the benefit of security support and the enhanced performance of newer versions.
But, moving forward it’s likely no versions of PHP 5 will be supported on newer versions of most server software. The software on our new servers is currently slated for end-of-life in mid 2024. So as of now we have 3+ years yet before we reach any significant issues. But, we are now strongly recommending to all of our hosting clients to begin preparing to update their websites to current versions of PHP. Of course, we could always set up an alternate server to continue hosting those old versions if absolutely required. But as the server itself and the supporting web applications would not be receiving any security updates that would be far less than ideal.
Why Is PHP Security a Big Deal?
According to CVE Details, from 2014 to 2019 (2020 statistics are not yet available) 253 vulnerabilities were reported that could compromise the integrity, security and/or performance of unsupported websites. These included DoS, code execution, overflow, memory corruption, XSS, directory traversal, bypass, and gain information types.
This is why PHP itself recommends keeping current:
"PHP, like any other large system, is under constant scrutiny and improvement. Each new version will often include both major and minor changes to enhance security and repair any flaws, configuration mishaps, and other issues that will affect the overall security and stability of your system.
Like other system-level scripting languages and programs, the best approach is to update often, and maintain awareness of the latest versions and their changes."
Now Is The Time to Start Planning to Upgrade Your Site to PHP 8.0!
If your website is more than a year or two old, odds are it’s currently using an outdated version of PHP. Even a website launched just a few months ago would not be using the latest PHP version 8.0. Updating your website to the latest PHP version will ensure your site is able to be supported by current and future server software, give you peace of mind with regular security updates, and provide you measurable performance benefits! And, if you’re still sporting a non-responsive website, this is the perfect opportunity to get that site updated and join the rest of the world in the 21st century! ;-)
Please contact us with any questions or to have us perform a free PHP audit on your current website.
Posted on January 29th, 2021 at 4:46 PM