By: Gurpreet Kaur
May 18 2021

Why Update PHP: An All Inclusive Guide

A computer is a marvellous creation, it can be used to build and execute any number of software and instructions that we may want. What is even more marvellous is that it understands exactly what we want it to do. And this extraordinary task is possible because we have programming languages that speak in computers. 

One of them is PHP or Hypertext Preprocessor. It is an open source programming language that runs on a web server, which has been popular throughout its life cycle being the go-to language for web development.

PHP with its server-side scripting together with HTML and its execution in the browser are immensely popular especially when creating dynamic websites is in question. Majority of Drupal sites are built on it, the entirety of Drupal is written in PHP, I think that should be proof of the language’s epic capabilities. 

A graph represents the market position of PHP.
Source: W3Techs

The above image further clarifies the doubts about PHP’s capabilities and well, its popularity. 

There are numerous adjectives that I can use to describe PHP’s competencies, however, the one that is appropriate for how the language is going right now would be ‘behind schedule.’ And sadly this adjective isn’t for the language itself but for the websites and developers using it. The reason is the delay in its update. 

Today we’ll try to understand the language in regards to its versions and the capabilities that come with each of these versions and then we’ll get to the important question as to why PHP is not being updated and what you stand to lose, if you keep delaying. 

Let’s start by understanding PHP’s Life Cycle

Like everything else in this world, PHP also comes with an expiration date. Each of the PHP versions has a fixed life cycle, beyond which using it can be detrimental. Usually this life cycle is around three years, once those three years are completed the version becomes unsupported, you can still use it, at your discretion though.

When a PHP version is released, it is actively supported for the next two years. This active support entails the frequent fixing of bugs and security issues and their consequent patching. The third year, sometimes even fourth, will only entail releases pertaining to critical security issues. This is also the time when the next version becomes available. 

Once these three years have been completed for that particular version, it becomes unsupported. There won't be any fixes or patches, not even for security and using such a version would mean you are making yourself vulnerable.

As of now, 

Version 5.6;
Version 7.0;
Version 7.1;
Version 7.2;

Have reached their end of life, meaning they are no longer supported, yet many sites are still on them. So, which are the versions that are supported and should be ideally used? The answer is 7.3 and above. 

The image includes a table and a graph, both depicting the supported versions of PHP.
Source: php.net

Any version that is still actively supported would be the only one ideal for your web projects. Talking about projects under the Drupal flagship, the same three supported versions are the only ones recommended by the CMS; proving that there is truth to what I am saying. This is exactly also why Drupal is able to avoid the misconception that it is difficult to use and has stayed relevant with changing times.

Versions of PHP supported by Drupal are listed in a table.
Source: Drupal.org

Taking the supported PHP versions under the microscope

I have said a number of times that using a supported version is ideal, now let’s understand the why. Yes, they would get new updates, fixes and patches quite frequently, but that is not it; these versions are also perfect to use because they have features that are unfound in the previous versions. It’s like being on Android 9, you are missing out on a lot of features that Android 10 is powered with and there is no advantage in that. 

Let’s look at each of the supported PHP versions to understand this. 

Version 7.3 

The third version of PHP 7, version 7.3 was released in December, 2018 and is said to be faster than its predecessor. There weren’t changes in this version, but the improvements that were made proved quite helpful. 

  • The 7.3 came with more flexible heredoc and nowdoc syntaxes; 
  • The 7.3 came with multibyte string functions; 
  • And the 7.3 also had Argon2 password hash enhancements; 

All of these made this release better than the last.

Version 7.4 

Released almost an year after the launch 7.3, PHP 7.4 brought along significant in two key areas; 

  • Performance, by adding the preload functions to speed up loading significantly; 
  • And code readability, with features like typed properties and custom object serialisation. 

PHP 7.4 also marked the end of PHP 7 as this was the last version before 8 came along.

The Newest Kid on the Block: PHP Version 8 

PHP 8.0.0 is the latest version of the scripting language. Released on 26 November, 2020. This was a major release for PHP coming almost three years after version 7 was released. Although there are a lot of new features added to this new release, speed optimisation that was introduced in PHP 7 will continue improving on it. 

JIT Compiler, union types, type annotations and reflection signatures are some of the new features found in this release. Here is a video highlighting and explaining the prominent new additions in PHP 8.

What will the update mean for you?

Up until now, you must have gotten a fair idea that updating PHP will be beneficial for your web project. Yes, sometimes updating can seem like a mistake, but that isn’t the case with PHP, not in the least. 

There are the additional features that were lacking in the preceding version of the update, you definitely benefit from that. Apart from that bonus, three discernible reasons to update PHP that should make the process all the more worthwhile.

Heightened Security 

The paramount benefit of always updating PHP is security. With every update, you’ll be more secure in the site because that running version is going to be fully supported and patched frequently for any and all security vulnerabilities. 

As we’ve already discussed, as versions come to their end of life, they do not get patches and fixes, making your project unprotected from threats. 

A graph illustrates the security vulnerabilities of PHP from 2000 to 2019.
Source: CVE Details

Looking at this graph, it is clear that PHP experiences security vulnerabilities, with 2016 being the year marking the highest level at 106. 

A line graph depicts the types of security vulnerabilities in PHP.
Source: CVE Details

Talking about vulnerabilities by type, denial of service, overflow and execute code are the ones topping the ranks. An update is what will prevent these security threats from being a threat and if you don’t update, you’ll have to be extra diligent about them. Is that something you want to do instead of working towards achieving your goals? I doubt it.

Perpetual Support

Then comes support, which becomes almost absent in older versions of PHP. Much like every other advancement we see, whenever a new one rolls by, interest in its older version starts diminishing and it is understandable. For PHP, this diminished interest means that the preceding versions would not get the kind of support from the community that it used to and its compatibility would lessen.

Think about it from the developers’ perspective, since they are the ones creating plugins and themes for every version. When they can devote their entire time and attention in creating something wonderful for a new version, do you think they’ll be interested in doing the same for something that is almost antiquated? I do not think so. 

There is also the concern of time, developers become occupied with the newer versions, so they do not get the time to oversee support for the older versions, making them somewhat incompatible for newer browsers and general development. 

So, when you keep updating PHP, you will continue to get support for it in the form of new plugins and themes and any issues you may face will be resolved quite quickly. You won’t ever see a 2000 comment thread for an issue in a new version, since there will be perpetual support to fix that.

Superior Performance

New technology will always outshine old in terms of performance, right? The same is true for PHP versions. When you update, security and support benefits would be there obviously, however, the more apparent benefit would be the one related to performance. You will be able to tell the difference almost immediately. 

Things that you had to work for diligently to achieve will come out of the box. From better latency rates to being able to handle more requests per second, everything would improve when you update.

Here are two images that show PHP Benchmarks for performance in version 5.6 and 8.0 and the improvements in performance are more than evident between the two versions.

The performance analysis of PHP 5.6 is shown.
The performance analysis of PHP 8.0 is shown.
Source: PHP Benchmarks

Then, why are the older versions still active?

When an update brings along such benefits, it should be a no brainer. Yet there are umpteen sites that are still on the older versions of PHP. 

The usage statistics of PHP versions are shown in a bar graph.
Source: W3Techs

The fact that more than one-third of PHP sites are still on version is kind of sad and hard to digest even. I mean version 5.6 reached its end of life on 31 December 2018, almost two and a half years ago, yet it is still active without any support.

So, why is that? Why are these sites keeping themselves vulnerable when they can be secure? Let’s try to understand the reasoning. 

The obliviousness about the update 

The foremost reason for not updating is the obliviousness surrounding the update itself. The thing about web projects and websites in general is that, although they are built by developers, the people running them on the daily may not have knowledge about its technical sides. All they are concerned about is the fact that the site is running and functional and that it looks good. 

For these non-technical site owners, updating PHP isn’t something to be concerned about. Half the time they are oblivious about the fact and even if they do know it, they’d not pay much heed to it. Many a time, it is the developers and web hosts, who have to push the site owners for the update and they don’t always win that battle based on the W3Techs statistics.

The investment of time

If we talk about updating PHP to version 8.0.0, it is fairly easy to do so. However, that ease is contingent upon the code being updated. If the code is up-to-date, you’ll have an easy-breezy update. If not, you’ll be looking at a huge investment of time and resources. And that is the second reason why sites don’t update.

  • Developers who have older plugins and themes will have to put in a lot of time and effort to update their code because the newer version would not be compatible with an outdated code. 
  • Then comes the testing that needs to be done to ensure the compatibility of the update, which is quite extensible because there will be a great deal of plugins to test.

The apprehension surrounding the update’s effects

Lastly, it is the apprehension that comes with the thought of the update that makes site owners immensely hesitant about updating. 

What if the update breaks the site?
What if the update results in additional support tickets?
What if the update makes the site stop functioning altogether?

These what if pose a massive roadblock even before the road to update has begun. Fortunately, all of them are unwanted and misguided. 

Remember the previous reason, it talked about updating the code before updating to a newer version. If you update without making the code compatible your site will break, there isn’t a shadow of doubt about it. 

Apart from that the update won’t affect your site in a negative light. Upon updating PHP on a site built on a CMS like Drupal, you’ll instantly see an improvement in performance and that isn’t something to be apprehensive about, rather you should be looking forward to it. Learn more about how keeping the dependencies like PHP has helped Drupal 9, the best version of it so far, to make upgrade from previous version simpler.

How do you go about the update?

Now that we’ve discussed everything concerning the PHP update and have established that it is more than imperative to keep PHP updated, we have come to the final aspect of the process, which is how to update PHP.

The update is done in two parts, one is a prerequisite and the second is performing the actual update itself.

Checking PHP version compatibility

The first part of the PHP update is to check whether your site is even compatible with the version you are trying to update to, in regards to the themes and plugins, they should be updated to their latest version. This is also one of the reasons I mentioned in the previous section as to why sites don’t update PHP.

You would need your developers for this, since they’d be the ones who would add or fix support for the version to be updated. There is also the option of choosing alternate plugins, if that is what you prefer. 

Once your themes, plugins and current code is updated, you’ll be ready to perform the update. 

A little side note; You should remember though, that updating the staging site before updating the production site is the better way to go. This is because if you do encounter any mishaps during the update, you’ll be able to fix them on the staging site without any effect on the live site.

Choosing the suitable way to update 

The actual update can be done in three ways depending on the build of your site and the kind of tools you have access to.

Through the cPanel 

If you have access to a cPanel or your host provides access to the same, you can simply go to the control panel, log in and change the version of PHP to the one you want; it’s as simple as that.

Through your own server 

You can update PHP using the migration guide provided by php.net, that is if you are the administrator of your own server. This guide covers the migration procedures from version 5.5 to 8.0 and clarifies all the details related to the update from new features to backward incompatible changes and deprecated features.

Through a web host 

If the aforementioned ways don’t work for you, that is you don’t have access to the cPanel and you are also not the administrator of your site, then you can simply ask your web host to perform the update for you. 

Conclusion 

There comes a point in life when you have to say goodbye to what has been normal for you because something else has taken its place. And it’s almost never a bad thing. Has anyone ever felt sad after updating their iphone? I don’t think I know anybody who has, maybe a little upset about the hefty bill, but never about the product. 

The same is the story with PHP updates. It may seem like a daunting task to undertake, much like paying a thousand dollars for the iphone, but in the end, it’ll be you, who’ll be basking in the benefits of the update. Is that not something you’d want?