Blog post updated to reflect current PHP versions as of 11/30/2022.
PHP is used by over 78% of all the websites that use a server-side programming language, making it one of the most popular scripting languages utilized on the web. Its range of functionalities, open-source nature, and tremendous online support has made PHP a perennial favorite among website developers worldwide.
As with any piece of software, PHP has a release life cycle in order to keep pushing things forward and making improvements. Each major release of PHP is typically fully supported for two years after its release. During that time, bugs and security issues are fixed and patched on a regular basis.
There are currently only 2 supported versions of PHP:
Current PHP versions as of 11/30/2022.
End of life (EOL) means these previous versions no longer have security support and could be exposed to unpatched security vulnerabilities.
Unsupported PHP branches as of 11/30/2022.
We reviewed all of our currently hosted sites and noticed that an astonishingly high number (54%) are still using outdated versions of PHP. A large number going all the way back to PHP 5.3 which reached its EOL in August of 2014!
Obviously, as long as the server software supports those versions of PHP the sites will continue to function, albeit without the benefit of security support and the enhanced performance of newer versions.
But, moving forward it’s likely no versions of PHP 5 will be supported on newer versions of most server software. The software on our current servers is currently slated for end-of-life in mid 2024. Which means that in only 18 months there are a lot of sites that could encounter some significant issues. And, there's always the possibility that we may have to upgrade the servers and/or software before that due to performance or security concerns. At this time we are strongly recommending to all of our hosting clients to begin preparing to update their websites to current versions of PHP to avoid potential significant downtime when support for older PHP versions is dropped completely. Of course, we could always attempt to set up an alternate server to continue hosting those old versions if absolutely required. But as the server itself and the supporting web applications would be severely outdated and not be receiving any security updates that would result in generally poor performance and a high risk of security issues.
Why Is PHP Security a Big Deal?
According to CVE Details, from 2014 to 2022 YTD - 281 vulnerabilities were reported that could compromise the integrity, security and/or performance of unsupported websites. These included DoS, code execution, overflow, memory corruption, XSS, directory traversal, bypass, and gain information types.
This is why PHP itself recommends keeping current:
"PHP, like any other large system, is under constant scrutiny and improvement. Each new version will often include both major and minor changes to enhance security and repair any flaws, configuration mishaps, and other issues that will affect the overall security and stability of your system.
Like other system-level scripting languages and programs, the best approach is to update often, and maintain awareness of the latest versions and their changes."
In addition, the newest versions of PHP also include greatly enhanced performance, current support, and new features to increase the functionality of your website.
Now Is The Time to Start Planning to Upgrade Your Site to PHP 8.2!
If your website is more than a year or two old, it’s currently using an outdated version of PHP. Even a website launched just this year would not be using the latest PHP version 8.2 that's due to be released in December 2022. (Note: minor updates such as going from 8.0 or 8.1 to 8.2 are generally relatively quick and cost effective. However, the more big version changes you miss, i.e. from 5.x to 7.x to 8.x the more complex and costly they become.) You should plan for a general website maintenance update every year to two to keep your site current and secure.
Updating your website to the latest PHP version will ensure your site is able to be supported by current and future server software, give you peace of mind with regular security updates, and provide you measurable performance benefits! And, if you’re still sporting a non-responsive website, this is the perfect opportunity to get that site updated and join the rest of the world in the 21st century! ;-)
Please contact us with any questions or to have us perform a free PHP audit on your current website.
Posted on November 30th, 2022 at 9:30 AM