PHP stands as a testament to the evolution of web programming languages. With its roots dating back to 1994, PHP has demonstrated its enduring popularity over almost three decades. Nearly 77% of all websites on the internet today still use PHP as their server-side scripting language – and it’s safe to say that it’s not going to be dethroned anytime soon. With 46 new releases since version 8.0 was released in November 2020, it has always been well-maintained, frequently updated, and kept relevant and secure.
PHP is open source and is well suited for web development. It offers a range of open-source libraries and frameworks that can be used to develop efficient and secure web applications. PHP also plays a vital role as part of the WordPress ecosystem, as the entire CMS is built on the PHP language.
PHP is still being actively developed – a new minor version of PHP is released every couple of months; major releases only happen once every couple of years. Even though new versions of PHP are being released, there are still many people using the older versions.
However, one problem remains with PHP version usage. W3Techs estimates that only 23.1% of all PHP users are using one of the three current versions of PHP 8.
An overwhelming majority of websites are still stuck on version 7, and more than a fifth of all websites still use PHP 5, which received its last update more than 4 years ago.
Common Concerns of Upgrading PHP
Upgrading to a newer PHP version can bring many benefits. However, some people still hesitate to upgrade for various reasons, such as:
Fear of Breaking the Website Functionality or Design
Some people may rely on features that are deprecated or removed in newer PHP versions, or they may use add-ons, plugins, and themes that are not compatible with the latest PHP updates. This can cause errors or conflicts if they upgrade without making the necessary changes to their code.
Note: There is also a separate situation site owners run into when they do not have processes in place to update plugins and themes to their latest versions, ultimately meaning that they cannot yet consider switching to a newer PHP version.
When Hosting Providers Hesitate With Pushing Out New PHP Versions
Some hosting providers may not offer the latest PHP versions to their customers, or they may make them optional or hard to access. This can discourage some people from upgrading, especially if they are uncomfortable with changing their hosting settings or switching to a different provider.
At Servebolt, we make new versions of PHP available on our stack for testing as soon as we reasonably can, meaning that our users can start cloning their sites (in staging) to run on the newer versions to make the necessary preparations to switch to a newer PHP version in production as soon as they’re ready to do so.
Extensive Testing to Ensure Compatibility
Upgrading to a newer PHP version is not a trivial task. It requires meticulous planning and testing to ensure that everything works as expected and that no downtime occurs. This can be costly and time-consuming, especially for large or complex websites.
Lack of Technical Knowledge or Support
Some people may not have the skills or confidence to upgrade their PHP version by themselves, or they may not have access to reliable technical support if they encounter any issues. They may worry that they will make a mistake or damage their website if they try to upgrade without proper guidance or assistance.
There are a number of independent companies that operate in this space that are reliable:
Misconceptions About the Benefits or Risks of Upgrading
Some people may have false or outdated beliefs about what upgrading their PHP version entails. For example, they may think that upgrading will make their website slower, less secure, or more expensive. Or they may think that upgrading is not necessary or beneficial for their website. These misconceptions can prevent them from seeing the true value and critical importance of upgrading their PHP version.
Advantages of Upgrading to the Latest PHP Version
There is a common adage – “Don’t fix something that is not broken.” You might think that it’s better to leave the system as it is, but there are countless advantages to upgrading to the latest version. PHP Group has compiled a list of all the changes in version 8 (including version 8.0, 8.1, and the latest iteration – 8.2). Here are some of the major highlights from the list.
Improved Security
Just like any other software, new bugs and vulnerabilities are discovered in PHP from time to time. When a vulnerability is discovered, the development team releases a security patch as an upgrade. By upgrading your PHP to a newer version, you can safeguard your server and better protect your application from potential security threats.
CVE Details has been tracking the number of new vulnerabilities in PHP since the turn of the millennia. In any given year, 6-7 new vulnerabilities are reported, and in some extreme years, this number has surpassed over 100.
Some vulnerabilities are less severe and are only likely to disrupt the traffic on your site for a few hours, whereas other vulnerabilities allow attackers to gain unauthorized access to your servers.
Over time, some functions and algorithms are deemed insecure. Such functions are deprecated in the newer versions and replaced with more secure alternatives. Newer versions of PHP often include improved security features, such as better encryption algorithms and stronger password hashing functions, that can help protect sensitive data much more effectively. Upgrading your Bolt to the latest version will ensure that you are only using the securest algorithms.
PHP 7.4, the final minor version release that will be made available for PHP 7, reached end-of-life on November 28, 2021. That means that it will no longer receive official support or updates, including security patches. Consequently, using PHP 7.4 – or any PHP 7 version – exposes your web applications to potential security vulnerabilities that won’t ever be addressed by the creators. It’s therefore strongly recommended that you upgrade to a supported PHP version to ensure optimal security.
Enhanced Performance
Newer versions of PHP are optimized for faster performance and reduced resource usage. As a result, web applications running on the latest version are often much faster and more responsive while consuming fewer resources.
If you upgrade to newer versions, you can take advantage of better memory management, improved caching, and concurrency improvements. Together, these improvements can result in reduced memory usage, fewer database queries, and serve multiple users simultaneously.
What this means is that upgrading to a newer PHP version can significantly enhance your website’s performance and user experience. Improved memory management and caching lead to faster page loads, offering a smoother browsing experience. The concurrency improvements enable your site to handle multiple user interactions simultaneously, which is particularly beneficial during high-traffic periods.
Better Extensions And Plugins
By upgrading to a newer version of PHP, plugin developers can take advantage of the latest language developments and improvements, allowing them to strengthen the security and performance of their plugins and directly benefit the end user.
What Happens if You Don’t Upgrade
If you don’t upgrade your PHP version, you are putting your website at risk of serious security breaches and performance issues. Older PHP versions that have reached their end-of-life are no longer supported by the PHP developers, which means they don’t receive any security patches or bug fixes. This leaves your website vulnerable to hackers, malware, and other threats that can compromise your data and reputation.
Magecart – A Cautionary Tale
The Magecart hack targets online shopping cart systems, especially Magento, to steal customer payment card information. This is done by injecting malicious JavaScript code into the websites that collect payment information and then sending the data to servers controlled by hackers. Magecart attacks have affected well-known brands such as British Airways, Ticketmaster, and Newegg.
These attacks are a cautionary tale for outdated websites because they exploit vulnerabilities in the outdated software or components used by the websites. To prevent such attacks, website owners should keep their software updated and monitor their website traffic for any anomalies, as well as use web application firewalls or other security solutions to block malicious requests.
These hackers don’t stop and only get more nefarious with time, so it is vital to stay vigilant and proactive in protecting your website and your customers.
How to Upgrade Your PHP Version
Keeping your website updated with the latest PHP version should not be too difficult if you follow the best practices – and avoid using poorly written or outdated plugins. Most popular plugins are compatible with the latest PHP versions, or they will indicate their compatibility on their support page.
However, if you are using plugins that are no longer maintained or updated, you may need to replace them with something else or find a way to make them work with the newer PHP version. This may require some work and testing, but it is worth it for the sake of your website’s security and performance.
How to Upgrade Your Bolt’s PHP Version
1 – Check the PHP version: Before upgrading, you might want to check the PHP version currently being used. You can either do this from the Servebolt dashboard or go to Tools > Site Health > Info > Server in your WordPress dashboard.
Once you know your PHP version, you can check the PHP supported versions list to see if your PHP version is still receiving security updates or not.
2 – Check PHP Compatibility: Use a plugin like phan to check if your current themes and plugins are compatible with PHP 8.x. If not, you may need to update or replace them with alternatives that are compatible.
3 – Update WordPress Core, Plugins, and Themes: Make sure that you have the latest versions of WordPress core, as well as all your installed themes and plugins. These versions are more likely to work well with PHP 8.x.
4 – Contact Servebolt Support: Ask Servebolt Support to create a copy of your site on a server with PHP 8.x for testing purposes. This way, you can test your site fully without affecting your live site.
5 – Check Your Website: Test your website thoroughly on the new server. Check all pages, forms, transactions, and other functionalities. Look for any errors or issues that may arise from the PHP upgrade. Read our in-depth guide on How To Use Browser Testing To Automate WordPress Testing to learn more about this topic.
6 – Monitor the Site: Keep an eye on your website and its error logs for a while. If you notice any problems or if something breaks, you can revert to PHP 7.4 and troubleshoot the issue.
7 – Fully Migrate: If everything looks good, let Support know, and they will switch your live site to the new server. You will need to update your DNS records to point to the new server.
Tips for Upgrading Your PHP Version
Stay on the latest major version: Although it can be challenging to update PHP versions frequently, you should try to stay on at least the latest major version; currently, the latest major version of PHP is 8.
Each Bolt on Servebolt has one PHP version, and you can quickly create a new free trial Bolt and copy all of the necessary settings. After this, you can migrate the site from the old Bolt to the new Bolt and update your DNS records accordingly.
Consider automation or professional help – if you have a dedicated IT team that manages your site, you can consider implementing a continuous deployment pipeline that automatically upgrades your site, tests for performance issues, and reverts changes if an error occurs. You can use the Servebolt API to do a lot of this. It might also be a good idea to hire specialized support or consultancy services to assist with the upgrade process if you don’t have dedicated staff for this.
Final Thoughts
It’s vital to update your PHP version to ensure that you are taking advantage of the latest improvements. Even though upgrading takes additional resources, it can significantly reduce the risk of getting hacked by patching security vulnerabilities.
Staying on the older versions of PHP will leave your site exposed to attacks, and if it gets breached, it will cause irreparable damage to your business’s reputation. This problem will be further exacerbated if your users live in the EU, as GDPR laws have very strict requirements regarding handling personal data and impose substantial fines on sites that are negligent.
Hosting at Servebolt means having the fastest and safest experience possible; our clients enjoy blazing-fast and highly secure hosting thanks to our in-house experts that work on the latest software updates.
We also have a world-class expert team available that can assist you with the upgrade process – and ensure that your website runs smoothly and efficiently after the upgrade.
Interested in managed hosting that’s empirically faster? Try our approach to WordPress hosting – getting started is free, and benefits include:
- Scalability: In the real user workload tests, Servebolt delivered average response times of 65ms, 4.9x faster response times than the second best.
- The fastest global load times: Average page load times of 1.26 seconds put us at the top of the list of global WebPageTest results.
- The fastest computing speed: Servebolt Bolts provide previously unheard-of database speeds, processing 2.44 times more queries per second than the average and running PHP 2.6 times faster than the second-best!
- Perfect security and uptime: With 100% uptime on all monitors and an A+ rating on our SSL implementation, you can be assured your site is online and secure.
All backed by our expert team. Take Servebolt for a spin on your free test Bolt today.