Why WordPress will warn you about your PHP version and How to safely switch to the latest stable release

WordPress is primarily written using PHP as its scripting language, making it one of the most vital parts of all WordPress websites out there. Major parts of both the front and back end of your WordPress web page and interface exist thanks to PHP. It allows us to do so much in terms of building a website as you don’t only find it in your page templates and plugins, but it also makes up the files that form the WordPress dashboard itself. In short, without PHP your WordPress website would not even exist. It’s not something that you have to master to use WordPress, though, as casual users can happily manage their websites without ever touching a single line of HTML, CSS, JS or PHP code.

What all WordPress website owners do need to understand about PHP, however, is the massive effect it has on the performance and security of their sites. This language, like WordPress itself, has gradually improved over time. A new version of PHP is rolled out approximately once a year; each release branch gets two years of active support, followed by a third year in which it receives only critical security updates. This means that your PHP version is not something you can set and forget. A huge problem we’re facing in the WordPress community is that many sites, businesses, hosting providers, and developers aren’t supporting the latest versions of PHP. It’s especially frustrating considering just how easy it is to upgrade.

The lifetime of older PHP versions is running out for your WordPress.

As of December 6th, 2018, the latest and greatest version of PHP is 7.3. PHP versions 5.5, 5.6 and 7.0 have officially reached their EOL (End Of Life) state. The end of life process is a standard part of the release cycles of PHP. Once a version has reached the end of life, PHP will cease to provide security support for it.

If you’re thinking, “wasn’t PHP 7.0 just released?!” It was… three years ago. And in fact, PHP 7.1 is receiving security updates only as of 1 December 2018. The active support period for PHP 7.1 actually ended even before the PHP 5.6 security support end date, and the security support period ends on December 1, 2019.

According to the official WordPress.org Stats page, as of writing this post, only 22.6% of WordPress users have already upgraded to a supported version: 11.1% are using PHP 7.1, another 11.1% are using PHP 7.2, and just 0.4% are using the newly released PHP 7.3 version. What we can see is that the largest share of users, over 34.7%, is still running on PHP 5.6, and 19.7% still prefer the 7.0 version. What’s even scarier is that at the time of writing, a whopping 77.4% of users are using unsupported PHP versions, making them far easier targets for security breaches than sites using a supported PHP version.

Why Is WordPress Requiring Newer Versions of PHP?

At WordCamp US in December 2018, a highly anticipated bump in the minimum PHP version required for using WordPress was announced. During his State of the Word 2019, Matt Mullenweg stated the proposal that PHP 5.6 would become the minimum supported version in the first half of 2019 and that, if all goes according to plan, the minimum version will be bumped up again to PHP 7.0 in the second half of 2019. The proposal got enormous applause, far more praise than most of the news about Gutenberg.

Still, last week’s announcement from the WordPress team came as a surprise for the WordPress community. Of course, moving forward with the latest versions of PHP is welcome news, but the minimum PHP version needed to run a WordPress site hasn’t been modified for years, and these changes have been a long, long time coming.

The WordPress open-source content management system (CMS) will show warnings in its backend admin panel if the site runs on top of an outdated PHP version.

Having the responsibility of managing the world’s most popular content management system, the WordPress Core Team took the pledge to ensure WordPress keeps up with PHP in future years and is working to increase awareness of, reduce apathy toward, and grow developer support for newer PHP releases.

“The immediate goal is to put in place supporting structure and site owner education/resources etc. so that we can more actively reduce the number of existing active WordPress sites on older PHP EOL versions and thus improve security and performance of the web.”

The current plan is to show warnings in its backend admin panel for sites using a PHP version prior to the 5.6.x branch (5.6 or lower). The warning message will contain a link to a WordPress support page which briefly explains the problem and then dives into how site owners can prepare for an update of their server’s underlying PHP version and perform it.

The warning will start displaying as a notification message as of WordPress 5.1, which is expected to be released around March 2019.

Sites that choose to remain on PHP 5.5 or below will still receive security updates and possibly bug fixes, but will not be able to upgrade to the latest major WordPress version until they upgrade to a subsequent supported version of PHP.

Prior to the release of the long-anticipated WordPress 5.0, it was declared that WordPress aims to fully support PHP 7.3 in its release. Currently, the official WordPress requirements page suggests that to run WordPress your host needs to support PHP version 7.3 or greater. It is no wonder that the decision to have this warning appear for sites was taken following the release of the WordPress 5.0 branch itself.

Still, there is the official note that states:

Even as WordPress Core continues to expand its support for new versions of PHP, there is no intention of abandoning support for older versions until usage numbers show that the impact on users will be minimal.

The History of the “Warning!” Approach

Upgrade statistics compiled days after the WordPress 5.0 release reported that roughly 85% of WordPress 5.0 users were running their sites on PHP versions of 5.6 or above, which means only a small part of the active WordPress community will see these warnings in the first place.

The WordPress Core team observed that showing notifications to encourage users to upgrade their PHP version has been extremely effective. In early 2017, with the release of Yoast SEO 4.5, the Yoast SEO team experimented with a similar warning approach: a warning notification was added to the WordPress dashboard for Yoast users. It urged site owners whose sites were on a server running an outdated version of PHP to update to a new version. Site owners could only disable the nag by updating PHP. The results proved that site owners upgraded their PHP version at twice the rate they had before they were shown the notification.

We’ve seen that this notice has had a great impact and we now have less than half of the PHP 5.2 users WP core has. As annoying as it is, it’s working. Which is why I wouldn’t bet on the core team doing anything different than what we do.

This initiative, called the Yoast WHIP project, proved that asking users to upgrade (or “bothering” them, as Yoast says in the original Trac ticket they wrote about merging WHIP into WordPress core) could actually make a change in a meaningful way.

As a result of WHIP, along with the positive uptick in the number of PHP upgrades, the Servehappy project was launched in mid-2017.

Why Can’t You Just Use an Old Version of PHP Forever?

  • One of the most important reasons why you should upgrade PHP is for the security of your WordPress site. Running the latest version of PHP ensures that the PHP release behind your website is still supported and patched regularly for security holes.

  • PHP 7 has demonstrated higher data processing and load-carrying capacity than its predecessors. In addition to high performance, you can expect significant memory savings because substantial optimization has been carried out in the internal data structures.
  • Official PHP benchmarks demonstrate that PHP 7 allows the system to execute twice as many requests per second in comparison with PHP 5.6, at almost half of the latency.
  • From the business perspective, PHP 7 offers clear advantages over its predecessors, such as excellent performance, resilience and optimal utilization. It enjoys a slight edge when it comes to WordPress.
  • PHP 7 is especially suitable for businesses that have a large online presence, such as e-commerce giants.
  • The minimum requirements for WordPress have increased.
  • You will ultimately struggle with compatibility issues with plugins and scripts you have installed that are no longer compatible with the version you’re using.
  • Last but not least, the best practice is to adopt a stable version. All its new features advocate upgrading.

How to Update PHP Safely

Hopefully, by now we’ve convinced you of the merits of upgrading your site to the latest version of PHP. The migration isn’t that complicated as long as you go about it safely, to ensure that the update won’t break any of your website’s elements.

Whenever one considers switching to a new version, the first thing that comes into consideration is compatibility. PHP 7 is not backward compatible, though. The main thing you need to keep in mind is that if you haven’t been diligent about maintaining your WordPress software, some of your plugins, themes or scripts may not be compatible with the latest or specific version of PHP you want to use, and they may not work properly. They may even fully or partially break your site. Of course, it is also possible that your plugin or theme code depends entirely on an old version. Ultimately, you can always try the upgrade and downgrade if there’s an issue.

Step #1: Keep calm and create a backup before the upgrade

Most likely, when we update PHP, it’s all coming up roses. However, there is always a small chance that everything will go wrong. If that does happen, we want to be able to roll it all back and put the website back together. All of which is much easier if you have a clean and shiny backup of your website.

Backing up your site regularly is something we already do free of charge, along with our services. However, you’ll want to have a handy backup of your site that’s as recent as possible, so that you can easily revert the changes in the event something goes awry.

We would urge everybody to generate a backup manually before pulling the trigger and upgrading their live websites. You can check our step by step guide on how to do it from your cPanel with us.

Next, you can proceed with the following step.

Step #2: Create a local staging copy of your website

It’s always the best idea to test the new PHP version in a staging or development environment rather than on your live site. This staging site will become a duplicate copy of your existing live website, placed in a subfolder of the main directory. Just keep in mind that when you create a staging site this way, it will automatically set that site copy on the same version of PHP as the live site.

Then you would need to change the desired PHP version per directory. You can easily achieve this by setting custom rules for each folder.

You can then proceed to run tests on this staging site to gauge the compatibility of your active themes and plugins and see how it reacts. Be sure to check your error log for any errors. If nothing unusual happens, you can later proceed with upgrading your live website.

Step #3: Update Everything

Before we get started, we want to make sure that all of your plugins and everything is up to date. This way, we are checking compatibility against the latest of everything, and giving ourselves the best chance of success.

That way, you won’t have to rush around fixing things afterward. Be sure to click the upgrade button wherever necessary.

  • Update WordPress itself
  • Update your Theme
  • Update All Plugins

Step #4: Check for Compatibility

Now comes the part where you check for errors on your staging site. What you’re looking for and what issues you might find can vary widely depending on your unique setup. However, here’s how we recommend you go about performing your test:

  • Make your way through every page on your website, looking for any elements that have suddenly stopped working.
  • Check each plugin one by one to see if it is behaving as it should.
  • Test all the features that your active theme includes, to ensure that they’re still functioning well.
  • You can also open the staging site’s wp-config.php file and set the WP_DEBUG constant to true. It will display all the errors and warnings.
    define('WP_DEBUG', true);
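To make the error-log check from Steps #2 and #4 repeatable, the script below groups PHP error-log entries by plugin or theme and flags the components that hit fatal errors on the new PHP version. It is an added example, not code from the original article or from WordPress; the log excerpt is constructed, and the log location is an assumption (WordPress can write to wp-content/debug.log when its WP_DEBUG_LOG constant is set alongside WP_DEBUG).

```python
import re
from collections import Counter

# Constructed sample of a staging-site PHP error log (not taken from a real site).
SAMPLE_LOG = """\
[12-Dec-2018 10:15:02 UTC] PHP Deprecated:  Function create_function() is deprecated in /home/demo/public_html/staging/wp-content/plugins/old-gallery/widget.php on line 42
[12-Dec-2018 10:15:02 UTC] PHP Deprecated:  Function create_function() is deprecated in /home/demo/public_html/staging/wp-content/plugins/old-gallery/widget.php on line 42
[12-Dec-2018 10:15:03 UTC] PHP Warning:  count(): Parameter must be an array or an object that implements Countable in /home/demo/public_html/staging/wp-content/themes/classic-blue/functions.php on line 118
[12-Dec-2018 10:15:04 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function mysql_connect() in /home/demo/public_html/staging/wp-content/plugins/legacy-stats/db.php:17
Stack trace:
#0 /home/demo/public_html/staging/wp-settings.php(305): include_once()
[12-Dec-2018 10:15:05 UTC] PHP Notice:  Undefined index: page in /home/demo/public_html/staging/wp-includes/example.php on line 9
"""

# "[timestamp] PHP <level>:  <message> in <file> on line N" (or "<file>:N" for uncaught errors)
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] PHP (?P<level>[A-Za-z ]+?):\s+(?P<msg>.*?)"
    r" in (?P<file>/\S+?\.php)(?: on line |:)(?P<line>\d+)\s*$"
)
COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")
SEVERITY = {"Fatal error": 3, "Parse error": 3, "Warning": 2, "Deprecated": 1, "Notice": 0}

def summarize(log_text):
    """Return {component: {"worst": level, "counts": Counter, "where": {(file, line)}}}."""
    report = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:  # stack-trace lines and unrelated noise are skipped
            continue
        hit = COMPONENT.search(m["file"])
        name = f"{hit[1][:-1]}:{hit[2]}" if hit else "core-or-other"
        entry = report.setdefault(name, {"worst": "Notice", "counts": Counter(), "where": set()})
        level = m["level"]
        entry["counts"][level] += 1  # repeated entries are counted, locations deduplicated
        entry["where"].add((m["file"].rsplit("/", 1)[-1], int(m["line"])))
        if SEVERITY.get(level, 0) > SEVERITY.get(entry["worst"], 0):
            entry["worst"] = level
    return report

def blockers(report):
    """Components whose worst entry is fatal, i.e. that break on the new PHP version."""
    return sorted(n for n, e in report.items() if SEVERITY.get(e["worst"], 0) >= 3)

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for name in sorted(rep, key=lambda n: -SEVERITY.get(rep[n]["worst"], 0)):
        print(f"{name:24} worst={rep[name]['worst']:12} {dict(rep[name]['counts'])}")
    print("fix before switching the live site:", blockers(rep))
```

Components returned by `blockers()` are the ones to update or replace on the staging copy before changing the PHP version of the live site.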

Step #5: Upgrade Your Live Site

Once you complete the testing phase, follow the steps to proceed with the upgrade.

Which version should I update to?

It’s highly recommended that you upgrade to the latest PHP version if your site’s software can do so without issue. The latest version is the one that will be supported the longest and has the most fixes to improve performance.

Elena

Elena oversees all Marketing, Product Management and Community efforts for FastComet and is in charge of telling the brand's story. Always pitching, she’ll share the FastComet vision with anyone who’ll listen. Elena helps our customers make the most of their websites and focuses on our inbound marketing efforts: everything from developing new online growth strategies, content creation, technical SEO, and outreach within the FastComet community. Her background includes Sales and Customer Relationship development, as well as Online Marketing.