If your site still runs on PHP 5, we have some bad news: your code is out-of-date and unsupported. If you don’t upgrade, you could get hacked, and believe us when we say that’s pretty hard to beat on the suckometer. PHP 5 reached its End Of Life — that’s EOL, if you’re an irredeemable nerd like us — on January 1st, 2019.
This means no more support and no more updates. You might wonder why that matters; if everything you have works, why upgrade to PHP 7? Because no more updates means no more security updates. Any vulnerabilities discovered after a product’s EOL leave you wide open to all manner of bad actors. You’re an albino bunny in a dark wood during a rabbit season that never ends.
Yeah, you might be okay. Probably not, though.
And of course, there’s another layer of complexity. Problems can arise when updating PHP. PHP 7 isn’t backwards compatible. If your theme and/or plugins have also not been updated recently, they can “break” if they use a PHP 5 function that doesn’t exist in PHP 7 — that’s what we call depreciation.
How Did This Happen? Things Were Fine
This is a normal part of web development. This is a normal part of software development. This is a normal part of every aspect of information technology. I’ve discussed before how security is basically an arms race and that same principle applies here.
PHP supports their releases for 2 years starting at release plus 1 more to address these sorts of security issues as they arise. 3 years after its release, that version of PHP reaches its EOL.
Some people who don’t have perspective on the information technology world may be put off by the fact that PHP doesn’t support their own legacy products, but most tech companies stop security updates on heavily dated software at some point. Microsoft recently announced that Windows 7 will no longer receive security updates after January 14, 2020.
Coming from the other side of it, the uninitiated may also wonder why their developer didn’t put PHP 7 on their site when they first built it. The answer: for the same reason that RadioShack didn’t sell you a cell phone in the 70’s. It wasn’t around at the time (actually, I’m not sure RadioShack was either). Your web developer wasn’t being negligent.
The answer to “When will I be able to stop upgrading to new software?” is “Never.”
“Safety is never a permanent state of affairs.” – Ser Davos Seaworth
Get The Lead Out
So if you haven’t, it’s time to upgrade to PHP 7.2; it was released on November 2017, so it’s going to be supported until November 2020.
Of course, there are other benefits aside from keeping your security tight. Speed and functionality, as with all software, improve with further iterations (significantly, in this case). But the steadily widening gap in security for unsupported versions is by far your main concern here.
I’m a procrastinator; I get it, I do, but this is not a trivial detail. This is not something to procrastinate on. Put it out of your mind and a nasty hack job will likely serve as your reminder to get it done.
Disclaimer (seriously, read this)
We accept no liability if you destroy your website, but what follows are instructions on checking and upgrading your PHP. You use these instructions at your own risk. If you’re not 100% confident doing this yourself, hire a professional. Seriously, people go to school for this.
How To Check
If you have to scratch your head as to whether or not your site uses PHP, the short answer is probably. The long answer is that if you’re an advanced user, you know how to use PHP and have almost certainly employed it; if you’re an inexperienced user, you’ve relied on third-party plugins and themes — which usually use PHP.
Here’s how to check. Create a new php file in your website’s root folder, name it phptest, and include only this line of code:
Then navigate to yoursite.whatever/phptest and you should get a line printed out telling you what version of PHP you’re running.
Now that you know, go back and delete that phptest file you just created. You don’t want to keep that on your site in case someone else finds it.
How To Upgrade
Okay, so maybe you’re running an out-of-date version of PHP. So how do you fix this without exploding your site all over the place? What we at Sleepless Media would do is set up a copy of your website on a backup server. If the upgrade blows up the backup site, you may need to hire a web developer. As chance would have it, we are web developers and are ready to assist.