The primary reason to upgrade to PHP 7 is that PHP version 5 reached end-of-life (EOL) on January 1, 2019. This means that PHP 5 will stop receiving security updates by the end of the month, and even if someone finds a security hole in the software the developers will not fix it.
In addition to the security risks involved with the soon-to-be ignored version 5, PHP 7 has many improvements over version 5. These include performance improvements.
PHP 5 has many known bugs that relate to performance, slow page load speed, memory usage and more. PHP 7 will help your website run faster, and also allows the use of more modern programming structures. Some plugins will not be compatible with 7 if they have not been recently updated/maintained by the developer. In which case, the upgrade could take down your website. If that happens, you’ll need to deactivate all plugins, find the one causing the problem, and then reach out to the plugin developer to find out how soon an upgrade will be released. If there’s no time frame, or no response from the developer, uninstall the problematic plugin(s) and replace it with one compatible with both PHP 7 and WordPress 5.0.3.
Many WordPress sites are still running on PHP version 5.6 or older. Some web hosting companies are not automatically upgrading existing sites to the latest version of PHP (as a service to their customers). Most website owners don’t know that this upgrade needs to be done. Once support for PHP 5 ends, these sites will become exploitable as new PHP 5 vulnerabilities emerge without security updates.
What You Need to Do Before the end of January.
Make sure your website is running on (at least) PHP 7.1. As of this post, some hosting companies now have PHP 7.2 available. If you don’ know how to verify the PHP version yourself, contact your web hosting company support department and ask. If I’m doing the maintenance on your site, I’ll be confirming this for you and will take care of the upgrade, if needed.
If your web hosting company is not offering the latest version of PHP and has no way for you to upgrade, I recommend you transition to a new hosting company ASAP.
Some hosting companies will do the upgrade for you. Others will provide a link to an article on their website with instructions on how to do that yourself. On the sites that I’ve upgraded thus far, I’ve had the most issues with VPS hosted sites that pretty much required an act of Congress to get the hosting company to make the upgrade available in cPanel. Regardless of how you do the upgrade, BE SURE YOU HAVE A COMPLETE, FULL BACKUP OF YOUR WEBSITE — all content, images AND databases — BEFORE UPGRADING, just in case the upgrade takes down your site. In fact, that happened on two of the sites I’ve upgraded this month. If I’m maintaining your site for you, I have a backup available for quick restoration.
Upgrading From 5 to 7? No; You didn’t miss an upgrade. PHP 6 was supposed to be the next major release, but the project failed. Too many bugs.
Which Specific Version of PHP 7 Do You Need?
Ideally, you should upgrade to PHP 7.3.1, which is the newest version just released on January 10th. However, most hosting companies haven’t gone past 7.2 (as of this post).
If you are unable to upgrade to the latest version then, at a minimum, you should upgrade to PHP 7.1. Full support for PHP 7.1 will end in 1 month, but will continue to receive security updates for another year.
Do not upgrade to PHP 7.0. This version will also reach EOL in one month.
(Originally posted in the Nov. 2018 newsletter. Updated Jan. 2019)
Can You Tell if Your Website has been Hacked?