
Using PHP 5 Becomes Dangerous in 1 Month

WordPress, Joomla, Drupal and most other content management systems (CMSs) were written in a programming language called PHP. PHP version 5, released in August 2014, is about to reach End-Of-Life (EOL) and will stop receiving security updates on January 1, 2019. A surprising number of WordPress and other PHP websites are still stuck on versions of PHP that are 5.6 or older.

What is End-Of-Life or ‘EOL’ in Software?

When software reaches EOL it is no longer supported by software developers. That means that, even if someone finds a security hole in the software, the developers will no longer take the time necessary to fix it.

At some point, support for software needs to end, or the work needed to maintain it becomes increasingly time consuming and difficult. This is precisely why Microsoft stops supporting older versions of Windows – Windows 8.1 was declared EOL on January 9, 2018.

Is PHP Version 5 going to be EOL soon?

The final branch of PHP version 5 that is still supported is PHP 5.6. Because this is the final PHP 5 branch, the PHP team chose to extend the security fix period from the usual one year to two years. That extended security support will end on 1 January 2019.

PHP 7.0, the very first PHP 7 release, was released on 3 December, 2015, almost three years ago.

Why Should I Upgrade to PHP 7?

PHP 5 will no longer be supported with security fixes, starting on 1 January 2019 – that means that even if a vulnerability is discovered, it will no longer be fixed. If your website is running PHP 5, it will be vulnerable and those vulnerabilities will never be fixed.

PHP 7 has many improvements over PHP version 5, especially when it comes to performance. Upgrading your website to PHP 7 will instantly make it faster and more responsive – visitors to your website will think you paid for a big upgrade to your web server. PHP 5 has many known bugs that relate to performance and memory usage – these bugs will never be fixed.

PHP 7 is actively maintained and developers are able to implement improvements and make your website run faster, be more stable and use your expensive resources more efficiently.

How can I find out my PHP version?

If you are using WordPress and running the Wordfence security plugin, simply go to “Tools”, then click on the “Diagnostics” tab at the top right. Scroll down to the “PHP Environment” section and you will be able to see your PHP version on the right side of the page.
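For sites without Wordfence, a small script served by the web server can report the same information and compare it with the end-of-support dates this article gives. This is an added example, not code from the original article or from Wordfence; the function name `php_support_status` and the sample version strings are made up for illustration.

```php
<?php
// Added example. Written in PHP 5-compatible syntax on purpose: the script
// has to run on the old versions it is meant to detect.
date_default_timezone_set('UTC');

// End-of-security-support dates exactly as stated in the article. Branches
// the article gives no date for are deliberately left out.
$eol = array(
    '5.6' => '2019-01-01',
    '7.0' => '2018-12-03',
);

// Classify a PHP version string. $today is a 'Y-m-d' string so the same
// function can be evaluated for any date (hypothetical helper).
function php_support_status($version, $today, $eol)
{
    if (!preg_match('/^(\d+)\.(\d+)/', $version, $m)) {
        return 'unknown: cannot parse "' . $version . '"';
    }
    $branch = (int) $m[1] . '.' . (int) $m[2];

    // 5.6 is the final PHP 5 branch, so anything older is already unsupported.
    if (version_compare($branch, '5.6', '<')) {
        return 'unsupported: older than 5.6';
    }
    if (!isset($eol[$branch])) {
        return 'not dated in the article: see php.net/supported-versions.php';
    }
    $days = (int) floor((strtotime($eol[$branch]) - strtotime($today)) / 86400);
    if ($days <= 0) {
        return 'unsupported: security fixes ended ' . $eol[$branch];
    }
    return 'supported: security fixes for ' . $days . ' more days';
}

header('Content-Type: text/plain');

// The version the web server is actually running, checked against today.
echo 'Running PHP ' . PHP_VERSION . ' => '
    . php_support_status(PHP_VERSION, date('Y-m-d'), $eol) . "\n";

// Constructed sample versions, evaluated as of 2018-12-05.
foreach (array('5.4.45', '5.6.38', '7.0.32', '7.2.12', 'n/a') as $v) {
    echo $v . ' => ' . php_support_status($v, '2018-12-05', $eol) . "\n";
}
```

Request the file through the web server rather than the command line, because the command-line PHP binary can be a different version from the one serving the site. Delete the file afterwards, since it discloses the PHP version to anyone who requests it.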

Does PHP 5 have any known vulnerabilities?

Security vulnerabilities are continuously reported in PHP. Some of these are serious. Viewing this page on CVEDetails.com will give you an idea of the volume and severity of PHP vulnerabilities that have recently been reported.

Many of the vulnerabilities reported in PHP were discovered this year. Many more will be discovered in PHP version 5 next year, after security support for all versions of PHP 5 has ended. That is why it is critically important that you upgrade to a version of PHP 7 that is supported and is receiving security updates.

Which specific version of PHP 7 should I upgrade to?

If possible, you should upgrade to PHP 7.2, the newest version of PHP, because it will be fully supported for another year and then receive security updates for one more year after that.

Do not upgrade to PHP 7.0, as it will be declared End-Of-Life on December 3, 2018.

Will anything break if I update to PHP 7.2?

If your WordPress website is up-to-date, including all plugins, themes and the WordPress core, you should have no issues updating to PHP 7.2. Outdated or abandoned plugins may not work as expected, but these should be replaced no matter what version of PHP you are using as they are a massive security risk for your website.

What if my hosting company does not support PHP 7?

Your web hosting account should include some sort of control panel for changing the PHP version. If you can’t find an option to upgrade to PHP 7, contact your hosting company’s support team to see what your options are. If there are no options for upgrading PHP past version 5.6, you should transition to a new hosting company as soon as possible.

What if my developer does not support PHP 7?

PHP 7.0 was released nearly three years ago. If a developer’s plugin or theme doesn’t support PHP 7 by now, it’s quite likely that the project has been abandoned. Using unmaintained software is an incredibly bad idea as it means known security vulnerabilities are not being fixed. If you encounter issues when upgrading to PHP 7.2 this is a pretty big red flag and indicates that you should probably switch to an alternative product that is still actively maintained.

Can NinjaWP help?

When you partner with NinjaWP to maintain your website, one of the first things we do is run a security audit to make sure things are as up-to-date and rock solid as possible. All security issues are fixed before we tackle content updates and design tweaks.

If you are running PHP 5.6 (or older), we will work to make sure your web server gets updated to ensure the integrity of your website.

