PHP 7.0 Security Support Reaching EOL. Update and Stay Protected

PHP 5.6 and 7.0 will stop getting security updates before the end of this year. As of 3rd December 2018, security updates and patches will no longer be released for these versions of the scripting language.

PHP End of Life Date

After this date, websites still using these versions of PHP will be vulnerable to attacks. Not to mention that should this happen, you’re likely to suffer in terms of traffic, and rankings.

According to official WordPress stats, that equates to 62.4% of websites built on WordPress will become vulnerable after this time, and with WordPress now powering 30% of the web, that’s a lot of security risks.

https://wordpress.org/about/stats/

The statistic is even higher for websites not built on the popular CMS, at 77%. It’s shocking to see how many websites are not kept updated. Not only is it benefecial from a security standpoint, but there’s also performance enhancements to consider from PHP 7 onwards.

The following shows a breakdown of WordPress sites and which PHP version they are using.

PHP Version Stats Nov 18

Why are there no more security updates?

Every PHP release has an EOL (End of life). This is no different than operating systems such as Windows. A release is supported until a certain date, at which point it’s recommended that the user updates to a newer version. Websites work in the same way (assuming your website is built on PHP as most websites are these days, rather than static HTML).

From the official PHP website:

“A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.”

All website owners therefore should make sure their website is kept up to date to stay protected, and to protect their users.

Why do website owners not update to newer versions of PHP?

There can be several reasons why so many websites are outdated. It’s possible that website owners are not aware of PHP revisions. It could be down to the agency not having the resources to test (as there’s a lot of testing) after an update due to a lack of resources, or it could be the hosting provider doesn’t support / offer the latest revision (Cheap hosts are known to do this due to the amount of support tickets they receive when offering the latest revision.) Whatever the reason is, there’s certainly a lot of websites at risk.

Which version of PHP am I using and how do I upgrade to a newer version?

The easiest way to see what version of PHP you’re currently utilising is via cPanel. Before doing so, we recommend that you take a backup of your website at this stage before making any changes. Done? Ok, let’s move on.

If you’re going to have issues, it’s more likely to be with a plugin than a theme. This is going off the assumption you’re using a premium theme, and not a free one. Free themes are rarely updated, and this can cause a big problem. If you have a problem and it’s with a plugin, this is more straightforward to resolve.

  1. Check to see if there are any updates for your plugins. If so, update them.
  2. If not, look for an alternative plugin that offers similar functionality.

You should never run plugins that are not kept updated as they pose security risks. Plugins are essentially modules of PHP code, that you’re installing into your website. So before doing so, make sure they’re from a reputable source (repository or paid only) and not nulled, have good reviews, and are updated frequently.

Now, log into your hosting provider and head over to cPanel.

  1. In the search box, type ‘PHP’ and select ‘PHP version manager’
  2. Here you will see a list of your domain/s with the PHP version in brackets alongside.
  3. Clicking on a domain, will let you change the PHP version you’d like to use, at which point you can save. If you’re on an older version of PHP, it’s recommended that you upgrade.

At this stage, it’s crucial you go and test your website to make sure this hasn’t broken anything. Make sure everything loads correctly, contact forms still work and so forth. Hopefully, all has gone well. If so, take another backup. You should now have a before and after backup.

Should you run into any issues or just feel like not doing this yourself, why not check out our website maintenance service? We can take care of all your website maintenance needs for you, leaving you to focus on running your business.