You are here

Web Design, Contributed

Update Your Website to the Latest PHP Before It’s Too Late

April 11, 2019

Many companies skip critical updates to their scripting language, which can be a disadvantage to their website. Make sure you update your PHP to avoid security and quality issues. 

Your website probably wouldn’t exist without PHP. 

PHP is a scripting language used to develop websites. 

Approximately 8 out of 10 websites are built on PHP, which is one of the most popular programming languages. 

Unfortunately, the majority of website owners skip updating their site to the latest version of PHP. Ignoring PHP updates can be a problem for the validity of your site and business. Although not immediately obvious, PHP updates are necessary to maintain a high working capacity.
 

All sites built on PHP, including all WordPress sites, will need to update to the latest PHP version, to avoid major security & performance issues.

What is the PHP 7.2 Update? 

The major difference between PHP and other coding languages is that PHP is used on the server-level. Because of this, updates need to be done on the website and server where your website is hosted.
 
New versions of PHP are released every few months. In the graphic below (graphic of PHP timeline to be provided), you can see a timeline of the PHP versions with their release dates.

PHP Versions
 
PHP 7.2, which was released in 2017, is the latest version of PHP. Although PHP 7.3 has been released, it is still in beta and not ready to be used. In short, if your website is using any version below 7.2, it’s time to get to work. 

Why You Should Update Your Website 

The security of your website is the number one reason to update to the latest PHP. There is a high risk of security vulnerabilit in outdated PHP versions. 

If a vulnerability occurs in PHP 5.6, which is likely to happen, there won’t be any patches or fixes from the PHP development team. For instance, there are known security vulnerabilities that haven’t been fixed in PHP 5.4 since 2015.
 
Sadly, this is a perfect scenario for website hackers. A hacker can exploit that vulnerability in PHP and hack into any sites still using outdated versions. The situation is compounded by the fact that so many websites all use PHP, and this attack would affect any site regardless of your website’s content management system.
 
The second reason to update PHP is for performance. Benchmarks performed by the PHP development team demonstrate significant performance improvements on PHP 7 and above, especially for WordPress websites. Now that page load time is a significant metric for rankings and conversions, skipping this performance upgrade would be a mistake.  

Why Many Businesses Are Slow to Act on PHP Updates

Unfortunately, the majority of websites are still using an outdated version of PHP. According to WordPress Stats, over 63% of WordPress users are still on PHP 5.6 or lower.

PHP Versions
With the security & performance of your website at stake, why aren’t all site owners updating to PHP 7.2 immediately? Why is there such a slow response? 

1. It’s a Subtle Problem

It can be difficult to notice the implications of your PHP status on a day to day basis. If you don’t update, you may not notice any effect for a while. Even if a web developer logs into your website, they aren’t able to see the PHP version of your website. You have to check the hosting platform to see the PHP version. 
 
With this update, there are no bright red warnings on your website or reminders that you need to perform the update. Because of this, it’s easy to ignore the update until the consequences hit your site.
 
Even once issues start to happen on your website, most site owners don’t know to look at PHP and will mistakenly attribute the cause to something else. 

2. It’s Not Going to Impact You Until the Future

The largest effects are still down the line. If you decide to skip this PHP update and wait, you may have a month or two with no problems on your website. Because of this, it can be easy to defer action later. Easy - but not wise.
 
When talking about website security, there’s a tendency for site owners to think “that couldn’t happen to me, my site wouldn’t get hacked.” We all want to believe that the bad stuff won’t happen to us, but it’s far better to be prepared and avoid any potential problems. 

3. There are Different Opinions about the Severity of the Problem

There have been different responses to the PHP update in the hosting industry.

Some hosting providers like WP Engine are requiring every one of the websites on their servers to update WordPress to PHP 7.2 by a certain deadline. The hosting company doesn’t want to take on the risk of security breaches due to outdated PHP versions. 

However, other shared hosting providers are encouraging website owners to do the update, but not enforcing it, or warning of the consequences of inaction. The mixed responses to the problem can lead site owners to view the issue as less important than it really is. 

4. It Takes A Team Effort

You need to work as a team to update PHP. Unlike WordPress or content management system updates or plugin updates, you can’t just click “Update” on your website.
 
Because PHP is used on the server level, the update process (see the full process below) requires an update on the hosting server. This means you’ll need to coordinate between your web development team & hosting platform. After performing compatibility tests on the website, you may also need to adjust plugins or even shift how the site was built, which may involve marketing professionals and SEO teams.
 
With so many people involved, it’s common for the update to be passed to another party to handle and then never get done. 
 
Look to the experts for guidance on how and when to update your PHP and keep communication flowing to make sure everyone is working together to complete the update.

Check and Update the PHP Version on Your Website

PHP updates can be time-consuming, but they need to be executed before your site becomes outdated.

Make sure to check your PHP version as soon as possible and use these steps to update.

1. Check the PHP Version on Your Website

As previously mentioned, you can’t see the PHP version of your website in the dashboard or the site itself. There are certain plugins that a web developer could install to find this information. However, the easiest way is to log in to your hosting platform or contact your hosting provider.
 
Ask the hosting provider what PHP version your website and hosting server is on.

2. Perform Compatibility Testing on Your Website

Most websites were built using PHP 5.6 or lower. There are some features of PHP 5.6 that have been discontinued in PHP 7.2.
 
You’ll need to install a plugin or use a third-party PHP compatibility checker on the site. This tool will tell you if there are parts of your site that aren’t compatible with PHP 7.2.
 
If something is not compatible, you’ll need to work with a developer to adjust that plugin or theme or replace that functionality on the site.
 
If you skip the testing phase and update to PHP 7.2, there is a high risk that your website could break. 
 
NOTE: For WordPress sites, the PHP Compatibility Checker plugin is the best tool and it’s free to download & use on your website. There have been a lot of reports of false positives – where a plugin or theme is flagged as incompatible. A web developer should review the compatibility results and take a look at the errors closely.

3. Coordinate with Your Hosting Provider

After all the testing is done, you’ll want to coordinate with your hosting provider to update the PHP version of your hosting server. The steps involved and whether you’ll need to change servers can depend on the hosting company.
 
Before you do the update, make sure you have a full database backup of your website, just in case. After the update, your web developer or development company should do a review of the site code. Even with thorough testing, some errors or unforeseen issues can crop up. 

Take Action Now to Sustain a Great Website

Even though this update requires a few steps & some coordination, you’ll have peace of mind knowing that your site is not at risk. There are tons of experts and resources to help you navigate this update. So get started right away: Your site will thank you!
 

About the Author

Mikel Bruce HeadshotMikel Bruce is the CEO of TinyFrog Technologies, a full-service web agency specializing in WordPress web design & development and secured hosting & maintenance. Founded in 2003 in San Diego, TinyFrog offers a conversion-based approach to web design. With its WordPress secured hosting & maintenance service, TinyFrog currently protects over 600 websites for businesses nationwide.