- Approximately 78.9% of websites run on PHP.
- PHP version 5 is used by 61.8% of these websites.
- As of December 31 2018, all security support for the PHP version 5 will end.
What does this mean?
“This means that starting with next year, around 62 percent of all Internet sites still running a PHP 5.x version will stop receiving security updates for their server and website’s underlying technology, exposing hundreds of millions of websites, if not more, to serious security risks.”
Here’s what you need to know.
Old PHP Versions: Are You At Risk?
In short, yes.
After the new year, if you are still running PHP v5, any vulnerabilities exposed by a hacker will put you at risk.
“If anyone finds themselves running PHP 5 after the end of the year, ask yourself: Do you feel lucky? Because I sure wouldn’t.” – Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise.
One of the most concerning aspects of the PHP time bomb is the lack of a united effort to encourage users to upgrade to PHP 7. There has been concern within the PHP community since last year when maintainers realised the scale of the disaster should the security updates stop.
The three big content management systems (WordPress, Joomla and Drupal), still haven’t changed their minimum requirements to PHP 7.0. Granted, Drupal has adjusted its minimum requirements to PHP 7, but as this only comes into effect in March 2019, it can’t really be considered proactive.
WordPress (used for more than a quarter of all sites on the Internet) still has a minimum requirement of PHP 5.2 and there are suggestions they should be doing more to switch people’s views of upgrading.
“The biggest source of inertia in the PHP ecosystem regarding versions is undoubtedly WordPress, which still refuses to drop support for PHP 5.2 because there are more than zero systems in the universe that still run WordPress on an ancient, unsupported version of PHP.” – Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise.
The problem can be summed up like this: If users aren’t forced to upgrade, most won’t.
Ready to update? Keep Reading.
How To Upgrade PHP Version
Updating to the latest PHP version not only minimises your risk, but it also enhances performance and support. However, before you update your site needs to be tested for compatibility and your WordPress installation needs to be upgraded as well. With less than 2 months left in 2018, now is the time to start thinking about upgrading.