Important PHP security update website owners need to make before 2019

If you have a CMS website (WordPress, Joomla, Drupal etc.) chances are there’s an important security update you NEED to make before 2019.

If your website is built on a CMS system (WordPress, Joomla, Drupal etc.), there’s some important changes coming up you should be aware of. These kinds of websites are built using a programming language called PHP. I won’t bore you explaining what that is, all you need to know is that it is the code used to create your website, and very soon a version of it is going to become vulnerable to security issues.

Just as there are WordPress and plugin versions, there are also versions of PHP. A very common one (PHP 5.6) is about to reach what is called end of life (EOL) by the 31^st December 2018.

What this means is, there are newer versions of PHP available so support for the older versions will cease. Therefore, sites running on these older versions will become vulnerable to any new PHP 5 threats because security updates will no longer be provided.

Don’t panic, this doesn’t mean that your site will be hacked if you don’t upgrade, but leaving it does increase your risk. Its the same as your WordPress core, theme and plugin updates. They are updated to improve functionality, resolve bug fixes and patch any security vulnerabilities. Not updating doesn’t necessarily mean that your site will be hacked, but it certainly increases your chances.

The following table shows important dates for PHP 5 and PHP 7:

Here’s what you need to know

Firstly, Find out what PHP version your site is running on. If your website was built more than 1- 2 years ago, chances are strong that you’re running on 5.6. However, even if you have a newer website, it’s still worth checking because many hosting companies still set the default PHP version to 5.6.

According to stats from wordpress.org shown in the pie chart below, about 60% of all WordPress sites are using older versions of PHP. So statistically your site has a high chance of being among them.

If you don’t know where to look to find this setting, you can either ask your web developer, hosting company, or use a plugin such as Display PHP Version.

If you find that you’re site is running on PHP 5.6 or older your next step is to ensure that your theme and plugins are compatible with PHP 7 before upgrading. Here’s another handy plugin that can help with that: PHP Compatibility Checker.

Regularly updated themes & plugins should be fine but if something isn’t compatible, you will have consider alternatives. It’s probably a good idea to do so anyway if they’re not up to date.

How to upgrade

If you’re unable to do so yourself, again you can either get your web developer or hosting company to make the PHP upgrade for you. As always, have a full back-up of your site on hand before making any major changes. Once you do, it’s also wise to completely clear your website & browser cache to ensure everything is still working as it should.

With regard to which version specifically you should upgrade to, ideally it should be PHP 7.2 (the most recent version) which is fully supported till the end of 2020. If this isn’t possible, then at least 7.1 as security updates for 7.0 also ends very soon (3rd December 2018).

As a bonus, upgrading to PHP 7 comes with a number of benefits. Most notably, improved website performance and site speed, so get upgrading!

If you would like help from us with this, feel free to either contact us here to discuss options.