In this article we explain what PHP is and how to update it easily.
This article was updated in May 2020.
First things first: Are you using an old PHP version? Then you should update it. How? Ask your hosting, they know. And: they shouldn’t charge anything for that. If they do, we suggest changing the hosting.
For the ones who don’t know what PHP is: let’s say it’s what powers WordPress.
If WordPress would be a skyscraper, PHP would be the steel structure that keeps it standing.
Talking a bit more technically, PHP is a programming language. It’s the language being used to write the backend part of WordPress. PHP was created round about 20 years ago. In the last 20 years, there have, of course, been done many changes on it. Developers added many new features and also removed and changed many of them. They fixed a lot of bugs and released dozens of security updates. The PHP we have today is much more powerful, more secure and overall better than the PHP we had 20 years ago. Or ten years ago, or three.
At the moment, the most recent stable version of PHP is 7.4 (May 2020). To keep PHP improving, the developers have a roadmap for each version. There, they indicate when they release a PHP version and for how long they will actively develop it, meaning making feature updates. Additionally, you can find out how much time the PHP version will receive security updates: http://php.net/supported-versions.php.
At some point, any version becomes the status “end of life” (often shortened as “EOL”). When a version is EOL, it does not receive any security updates anymore. That means that it is insecure. If you use it, it’s far more likely that your website gets hacked. Moreover, modern versions of PHP are much faster than old versions. If someone uses an old version, his or her website is, for sure, slower than it could be.
To be able using a PHP version, the used application — for example WordPress — must be compatible with that version. If, for instance, a feature used by the application was introduced in PHP 7, you need at least version 7 to use the application. This is why each application has a “minimum required version” for PHP. It’s the minimum version an application requires to work. For WordPress, the PHP minimum required version is 7.3 (May 2020).
If outdated versions are used, it means that security updates and improvements are missing. As a result, the respective website is less functional and also exposed to an increased security risk.
So we can assume that anyone having a website relying on PHP is always using the most recent, most secure and fastest PHP version, right? Unfortunately, that’s not the case.
According to official statistics (https://wordpress.org/about/stats/), 17,5 % of WordPress users are still using PHP 5.6. This means that thousands of users are running their website in a PHP version that is very insecure and much slower than it could be.
Many users just don’t know anything about the importance of a modern PHP version. They neither know what PHP is nor how they could upgrade it. Therefore, they don’t fully understand the issues of an old PHP version or the benefits of a modern one. Many users just use what hostings offer them.
To find out which PHP version your website uses, you can simply check the administration area of the hoster or ask them. Every serious hoster will be able to answer this question.
For all PHP versions supported by WordPress (currently: 7.3 +, as of May 2020) there is no need for action yet. If an older version is used, the hoster should be asked for an update. Most likely this will be done very quickly or at least you’ll get an explanation on how to do it yourself. If this is not the case: change your hoster.
If a website runs on an EOL PHP version, it is not safe. To update the PHP version regularly is a must for website security and good performance.
If a website runs on an EOL PHP version, the hoster will usually offer newer PHP versions as well. If this offer is not used, you will pay the same price for a slower, less secure technology as for the faster, more secure version.
In addition, WordPress plugins also have a minimum PHP version. To keep a website including all plugins up to date, the required PHP version must be used. The advantage: less security risks and a faster site.