If you’re running a WordPress web site you are going to want to mark December 31st on your calendar. And not for New Year’s Eve.
Unless you’re someone who designs or develops WordPress web sites, I’ll bet you’ve never heard of PHP. That’s too bad, because PHP is really important to the performance of that web site you’re so proud of.
What is PHP?
PHP is a scripting language that enables the creation of websites. There are different versions. Each version represents an improvement from the previous version. As each version is created, software (like WordPress) are updated to be able to take advantage of the latest performance improvements. Right now, PHP versions 5.6 and 7.0 are the scripting language that drive just under 60% of all WordPress sites. Both of these versions will stop receiving security updates at the end of this year. That means sites that haven’t upgraded to the most current version (PHP 7.3) will be less and less secure moving forward.
When are Security Updates Ending?
At some point, all software reaches EOL (end of life) status. There are many reasons this can happen. For example, the code base could be bloated from too many patches. Or there are core vulnerabilities that can’t be patched. There is a new, better way to perform some tasks. Perhaps the software company wants to give revenue a shot in the arm by releasing a new version that people will have to pay for. In many cases, it’s just because the ongoing human costs of responding to help desk tickets are too high.
For PHP, this is a roadmap I grabbed from Hayden James that shows the various versions of PHP and when support for them will cease.
The good news is that the upgrade to PHP version 7.3 has a substantial upside in addition to being more secure. It’s also faster. About 25% faster than version 7.0 (see chart below). That’s good news and it’s something that Google will appreciate.
What If You Fail to Update PHP?
You really don’t want to do that. PHP is a server-side script, meaning it runs functions and scripts on your host server before it renders the front end of the website that your visitors will see. It is used almost everywhere on the web in one form or another.
Once a software package reaches EOL status and security patches for it are no longer being issued, hackers have a much easier time breaking in. And, truth be told, they have a much smaller chance of being found out. But beyond that, many plugins, themes and WordPress itself will eventually stop working with these versions of PHP.
How to Identify Which Version of PHP is in Use?
The easiest way to tell is to log into your hosting control panel and find a link to a section focused on PHP. There are online tools that can tell you but it’s best to log in directly to your control panel and check it yourself. This is what mine looks like:
As you can see, my server shows PHP version 5.6.30 so it needs to be updated. I’m not worried because my site is on a shared server and my hosting company will handle this process for me.
If you’re not that lucky, there are also plugins that can tell you which version you’re using. For example, the WordPress phpinfo() plugin is an easy to use plugin that can tell you which version of PHP your WordPress site is using. Once you know which version of PHP your site is running on, you can remove the plugin.
So now that you know what version your site is running, how do you upgrade from PHP version 5.6/7.0 to PHP version 7.3? Click here for upgrade instructions.