What is happening?
From the 31st December 2018 PHP 5 will reach End of Life (EOL) status and will no longer be supported by it’s developers. This means that as and when new security vulnerabilities are identified, these will not be fixed. This represents a major risk for many thousands of WordPress sites which still use this version of the popular programming language.
Why is this happening?
As software developers update their software, they will release new versions. Sometimes these updates are patches to fix bugs or security vulnerabilities, but sometimes they’re also improving performance or adding new functionality. It’s very difficult to support multiple versions of the same code, and so each version is given a lifespan; usually this is full support for 2 years from the date of release, with another year for critical security vulnerabilities only.
The final branch of PHP 5 to still be supported is PHP 5.6 and because this is the final PHP 5 branch, it was decided to extend the security vulnerability support to two years rather than 1, and this ends on 1 January 2019.
What does this mean for me?
Well, if your WordPress site is running an older version of PHP, it’s probably a good time to think about updating. The latest version is 7.2 so is the best option in terms of giving you the longest period of breathing space before needing to do something similar. That said, if a website is running 5.6 now, chances are that it will be overdue and upgrade by the time 7.2 reaches End of Life (EOL) on 30th November 2020. You shouldn’t update to version 7.0 as this reaches EOL before 5.6 does, due to not receiving the same extended support.
What needs to be done?
It is not recommended that you undertake this work yourself. While each version usually has a relatively smooth transition from it’s predecessor, issues can arise when updating PHP versions, especially when skipping multiple branches. It is advised that you use a trained developer who knows what they’re doing to ensure that nothing breaks, and if it does, that it identified and fixed. Because there is an element of uncertainty in what might happen when the PHP version is updated, developers will be unlikely to give a definitive time/cost for the works as it could go smoothly – or everything could break. Either way, sticking with an unsupported version of PHP 5 is probably too big a risk to take going forward.
Is my website using PHP 5?
There are a number of ways of checking. One of the easiest is using the Wordfence plugin. If you’re not running this on your site anyway – then why on earth not?! If you haven’t got it, install it NOW! Once you have Wordfence, go to Wordfence > Tools, then click on the “Diagnostics” tab up in the top right of the main section. Scroll down to where it says “PHP Environment” and click to open that up. You should then be able to see your PHP version on the right side of that section.
How can you help?
If you or your clients are running an old version of PHP and need the site updating, then get it touch and we can help. Remember by the time everyone gets back from their hard earned Christmas break, PHP 5 will no longer be supported, and any security vulnerabilities will no longer be fixed. So don’t leave it until it’s too late…