22 Aug 2023
Just for your information: At the time of writing, the PHP 7.3 engine is the latest PHP version. In this article, we are not discussing the code itself but specifically referring to the engine that executes PHP.
Various security services, online scanners, and even WordPress itself immediately respond to the release of the latest PHP version by labeling the PHP 7.2 engine and previous PHP releases as insecure. But is that really the case?
WordPress also does its part by discontinuing support for PHP 5.6 and displaying warnings in your dashboard.
The site diagnosis tool in WordPress raises a critical note about using outdated PHP, not only in terms of version differences but also for intermediate updates.
How seriously should we take outdated PHP? What is outdated about PHP?
Support, development, and security patching for PHP 5.6 and 7.0 ended in late 2018.
The lack of support and security patching for older PHP versions is therefore a serious issue when it comes to the security of your website and even the web server itself.
Once hackers discover a vulnerability, they can exploit it repeatedly!
Hackers, especially automated scripts, infect, modify, or compromise website after website with viruses. It’s only a matter of time until they come across your site on Google, test it, and infect it if your website is running on the outdated PHP engine.
Okay, so outdated PHP versions are insecure?
Are there already known issues, hacks, or vulnerabilities for older PHP versions?
During our research, it seemed that there are very few known vulnerabilities.
We are aware that vulnerabilities are exploited by hackers and are often only shared among them, so many vulnerabilities may not be publicly known…
However, we found a website that registers weaknesses, vulnerabilities, and issues of PHP versions.
And there are not just 2 or 20…
This website displays a LARGE NUMBER of weaknesses, issues, and vulnerabilities – at the time of writing, there are 600+ registered, and this number will only continue to grow due to the lack of support for old PHP versions!
Updating to the latest PHP version is not a luxury, but an important key to keeping your website and server secure.
Additional Information
The role of your web host in updating to the latest PHP release
Your web host is responsible for the current PHP version, but not every host is quick to update the server to the newer PHP versions. In some cases, you may need to ask for it.
Note: if you have an unmanaged server, you or your server administrator are responsible for updating the PHP engine.
Your role in updating to the latest PHP release
If your website contains outdated plugins or themes, there is a risk that the website will no longer function after the PHP update.
How often does that happen? Our experience is that 1-3 out of 100 sites do not work after a PHP update (by the way, neither we nor our clients experience these issues because they keep their websites quite up-to-date).
What to do if your WordPress website no longer works after the PHP update
The solution to get your website working again is simple if you are accustomed to using FTP software. You need to manually update your WordPress and plugins. New updates are often compatible with newer PHP versions.
Why manually through FTP software?
Because your website is not working, you cannot do it through the admin panel 😉
What you need to do is manually replace WordPress or your plugins via FTP/directly on the server. (Make a backup first)
PS: Rename the old plugin by adding a “-” before the name and then upload the new plugin. In the case of the WordPress core, put it in a different folder and upload
the latest WordPress release.
