Out with the Old & In with the New,
Updating PHP is Essential for You!
Why PHP & WordPress Updates Should Top Your New Year’s “To Do” List
Do you own or operate a WordPress, Joomla!, Drupal, Magento or WooCommerce site? Then you’re using PHP and should read this to prepare for critical changes this new year.
By Michael Suhrbier, eXcelisys Web App Developer
What is PHP?
Hypertext Preprocessor (PHP) is an amazing and popular server-side programming language used in web development. How prominent is it? Well, it’s powerful enough to run the biggest blogging system on the web (WordPress) and the largest social network platform in the world (Facebook)!
More than 80% of all websites are powered by PHP on the backend, so chances are, you’re running PHP on your web server whether you know it or not. What you may not know is that your PHP may be outdated. If you use WordPress, you may need to update that as well.
It All Changed on January 1, 2019
At the start of the new year, PHP 5.6 reached “End of Life,” meaning this PHP version is no longer receiving security patches or bug fixes. Yikes! If you continue to run PHP 5.6 you will be vulnerable to breakdowns and hackers. Usage statistics suggest that almost 60% of sites worldwide operate on the PHP 5 base, making it a prime, hacker-friendly target. What better thing to eXploit than PHP code vulnerabilities that no one will be fixing!
Messages like these should not be ignored:
3 Reasons You Should Care about Updating PHP
- Website Security. If you want to ensure your website, web application, e-commerce store or blog stays secure, you should update. Leaving your site(s) running an outdated PHP base could potentially eXpose your users’ private information and leaves the door open for ransomware attacks.
- Cost. Fixing a hacked site could come with a large price tag. For e-commerce sites that go down, the financial cost is even more draining due to a loss of business.
- Reputation. If the attack involves a breach of private customer information, you may lose customers over your negligence in updating your site.
Check Which Version You Are Running
There are several ways:
- Upload a file with:
echo ‘PHP version is: ‘ . phpversion();
echo ‘PHP version is: ‘ . PHP_VERSION;
Next, access the file with your browser: http://yoursite.com/yourfile.php
- Log in to your cPanel, click general information, and your PHO information will be listed.
- Most CMS’s will also offer a “Server Information” tab that will show the PHP version it is running on.
- There are several plugins for WordPress such as “Display PHP Version” that will show you the PHP version from your dashboard.
What Should You Do? Update! PHP 7.2 is Fast!
Security is not the only reason to update. PHP 7.2 (the most recent stable version) introduces core enhancements, offering improved speed and processing. Let’s face it: Google likes fast sites! Site speed affects search rankings more than you realize.
To give you some idea of how much performance has improved from PHP 5.6 to PHP 7.2, I did some benchmarking with a Windows LAMP stack and a base install of WordPress 5.0 with no caching, no optimizations and no additional plugins, just a raw install. PHP 5.6 handled roughly 25 requests per second, while PHP 7.2 handled nearly 63 requests per second. This is a huge gain in performance for any PHP-based site owner!
Still Not Convinced? More Reasons to Update PHP
- A Hacked Site Could Have Long-term Issues. Even after your site has been “restored” and seems back to normal, there could be other problems lurking deep in the code base. What if the hacker installed a backdoor for later use? I liken this to the analogy about a wrecked car never being the same again despite being repaired.
- PHP Updates Become Harder the More Outmoded They Are. You don’t want to get too far behind because the time and cost associated with migrating to the newest version becomes more costly and time consuming the farther behind you get.
The chart below will give you an idea of where the current cycle is heading:
Speaking of Updates … What About WordPress 5.0?
WordPress 5.0 just came out! The most noticeable change is the Gutenberg block-based editor, which you will probably fall in love with after a few minutes of use. But don’t worry. If you don’t like it, a Classic editor is just a click away.
WordPress 5.0 has already had one security patch update and will likely get another soon. Security is likely to be continuously improved in the 5.0 release, thereby offering improved safekeeping of your data and that of your users.
Some WordPress 5.0 considerations
- Updating to WordPress 5.0 is irreversible. Make a backup first!
- WordPress 5.0 may break themes and plugins.
- WordPress 5.0 will change the way themes and plugins are used.
- WordPress 5.0 blocks will replace everything (even widgets).
The scope of work that needs to be performed (in most cases):
- Set up a development environment on your server.
- Pull a full site backup into the development environment.
- Upgrade to PHP 7.2.
- Upgrade to WordPress 5.0.
- Debug and adjust the code to work with the new updates.
- Update all plugins, modules, and extensions.
- Final testing.
- Deploy to your production environment.
Updates Feel Costly and Time-Consuming, but Unpatched Vulnerabilities Put You At Risk
The reasons to keep your software up-to-date aren’t always obvious, but security patches are at the top of the list — in my opinion. Often, site operators delay updates because of the cost or fear of the unknown. This is understandable; however, waking up to a hacked site is considerably worse. The choice to become less hackable through proper updates is an ounce of prevention with a side of “peace of mind.” You wouldn’t leave your front door unlocked at night, so why would you leave your website unsecured?
At eXcelisys, we have eXperience with WordPress support and website maintenance, including upgrading sites in a painless and cost-effective manner. I’ve recently updated four websites to PHP 7.2 / WordPress 5.0.1, all rather large in scale and complexity. We’ve got the process down.
If all you want for the New Year is to ensure your website is unhackable and up-to-date, contact us today for a no-charge website consultation analysis and estimate.
**This article is provided for free and as-is: use, enjoy, learn, and experiment at your own risk – but have fun! eXcelisys does not offer any free support or free assistance with any of the contents of this blog post. If you would like help or assistance, please consider retaining eXcelisys’ WordPress Support Services.
eXcelisys, Inc. is an independent entity and this website/information/blog post has not been authorized, sponsored, or otherwise affiliated with WordPress.