78.9% of all the websites are currently using PHP, according to W3Techs. Further, 61.8% of these websites are running PHP version 5. What’s alarming about these stats is that PHP will stop providing security support for PHP 5 from 31 December 2018.
2019 will begin as a bad year for users who keep on running PHP v5 for their websites. The PHP v5 is around a 14-year old release, which is still used widely. But, the time to upgrade has come.
After 31 Dec, if the users continue to run the outdated version of PHP, they wouldn’t receive security updates for websites and underlying technology. This will leave their websites open to cyberattacks.
PHP community had decided on stopping security updates for PHP 5 last year itself. But PHP 5.6 became the most-used version then, and the community postponed the decision to this year.
Currently, WordPress, Joomla and Drupal are the top website providers. But it seems like only Drupal has taken the security seriously. It will require users to have minimum PHP 7 to run the website from March 2019.
On the other hand, Joomla asks for minimum PHP 5.3, and WordPress has set minimum requirement of PHP 5.2. It’s well-known that around one-third of the websites today are powered by WordPress. Since, the users aren’t forced to upgrade to newer versions, they keep on using the old versions.
“The biggest source of inertia in the PHP ecosystem regarding versions is undoubtedly WordPress, which still refuses to drop support for PHP 5.2 because there are more than zero systems in the universe that still run WordPress on an ancient, unsupported version of PHP,” Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise, told ZDNet in an interview.
To avoid the risks of being exposed to attackers, website owners need to upgrade their website, libraries, server platform, and every web-related thing. They should run their site with PHP 7, without giving it a second thought.