PHP was originally developed back in 1994 and has since become one of the most popular general purpose scripting languages for the web. In fact, WordPress is built with PHP and has become the world’s most popular content management system, powering over 75 million websites!
Given its long history, there are legacy applications that were built with PHP but aren’t actively maintained, creating potential security risks. In fact, PHP version 5 is still used by nearly 60 percent of websites that use PHP as a server-side language, even though it’s no longer actively supported!
In this article, we will take a look at how to determine your PHP version, why you may want to consider upgrading, and how to get started with the process.
PHP versioning 101
PHP uses a point versioning system to control its releases. The first number is the major version, the second number is the minor version, and the third number is the release version. For example, PHP version 5.3.10 represents major version 5, minor version 3, release 10.
Support for these versions is organized into three categories:
- Active Support: These are versions that are actively supported, which means that bugs and security issues are fixed and regular point releases are made.
- Security Only: These are versions where there’s only support for critical security issues and releases are made on an as-needed basis rather than any definitive schedule.
- End of Life: These are versions that are no longer supported, which means they may be exposed to unpatched security vulnerabilities.
The current support status of each PHP version is available on the PHP website.
How to determine your version
The easiest way to determine what PHP version you’re running is by uploading a single-line PHP file to your server:
<?php phpversion(); ?>
The PHP file will print the server’s current PHP version. If you want more detailed information, you can also run `<?php phpinfo(); ?>`, which returns information about the operating system, extensions, configuration settings, and other information related to the server environment.
If you have command line access to the server, you can also run the following command at the command prompt:
The output from the command is much more concise showing the PHP version and the build date and time.
Why upgrade your PHP version?
Most people would agree that keeping software up-to-date is a best practice, but in some cases, there are costs to consider. For example, developers may need to refactor or rewrite code when upgrading between two major PHP releases, and an organization’s budget may not factor in maintenance costs.
That said, there are two important reasons to consider upgrading your PHP version: Old versions may have security vulnerabilities that expose your application to significant risk, and new versions include new language features and bug fixes that can improve your application’s performance.
PHP is a powerful language and interpreter that’s able to access files, execute commands, and open network connections on the server. While these characteristics are useful for developers, they open the door to a number of security risks if applications aren’t properly locked down.
PHP is designed to be more secure than comparable languages like Perl and C, but that security depends on the proper configuration and coding practices. In addition, the PHP language is updated often to ensure that it’s secure from a structural standpoint—to eliminate bugs in PHP itself.
Outdated PHP versions, such as those prior to 7.1, are considered end-of-life and are no longer patched. Known security vulnerabilities for these versions exist, and applications using them may be at risk. The number of security vulnerabilities tends to increase as the version ages.
Language features & bug fixes
New PHP versions also include new language features and bug fixes, which can improve your application’s performance and reduce server and user-facing errors. The improved user experience and lower resource usage helps reduce server costs and makes the application more useful to users.
Developers upgrading from PHP version 5.6 to PHP version 7.0, for example, can access anonymous classes. These are a useful alternative to writing full class definitions when creating throwaway objects. In development, that translates to less development time and resource overhead.
Bug fixes can also dramatically improve application performance by reducing errors—including user-facing errors. It’s not uncommon for legacy applications to have error logs that are packed with warnings. In some cases, these can be remedied with a simple version upgrade.
Creating an upgrade plan
Many newer programming languages aren’t concerned about backward compatibility between versions. Fortunately, PHP’s core development team is very cognizant of these changes since it has been around for many years—they’re aware that many PHP applications are running on older versions.
When planning a PHP version upgrade, it’s important to check the PHP documentation, which includes guides for migrating between versions.
These guides typically cover:
- New Features
- New Functions
- New Global Constants
- Backward Incompatible Changes
- Deprecated Features
- Other Changes
You should have a meeting with your development team to discuss what parts of the application code base would need to be refactored or rewritten to function with the newer version. In addition, you can explore if you want to refactor using new features to improve performance and stability.
The actual process of upgrading a PHP version is very straightforward. If you’re using cPanel, you can simply update the PHP version from the PHP Version Manager or PHP Configuration options. If you have a dedicated server, you may need to upgrade from the command line.
If you’re interested in a more hands-off approach, Siftware specializes in modernizing legacy PHP applications. We will help you assess security and performance, make necessary upgrades, and provide ongoing support. That way, you don’t have to invest in a rewrite to see business value.
The bottom line
There are a surprising number of legacy PHP applications running outdated versions of PHP, which opens the door to security risks and performance issues.
Siftware provides a hands-off option for those looking to improve their PHP application’s security and stability. Contact us today to learn more about how we can help with one-time or ongoing maintenance projects.