One of the appeals of WordPress is you don’t need to have any technical knowledge to share your thoughts, ideas or services. So when articles with headlines like “Using PHP 5 becomes dangerous in 2 months” pops into your inbox or news-feed it can cause a bit of a concern.
Over the last week I’ve been asked a few times to explain what it means and if they should be concerned. So below I have explained what PHP is, what the headlines refer to and what you need to do.
Like with a number of Content Management Systems, WordPress is written in the scripting language PHP (Hypertext Preprocessor.) The PHP scripts included in your WordPress installation need a PHP interpreter which processes the script to enable them to work. This interpreter is a PHP module that is installed on the server by your webhost.
You may notice that PHP isn’t really an abbreviation of Hypertext Preprocessor, this is because it was originally called Personal Home Page.
The PHP project releases new versions of PHP and like most software, older versions come to their end of life. This is where they are no longer supported for updates and security patches. For example, if you run Windows XP Microsoft are no longer releasing any updates or security patches.
What the headline above is referring to, is PHP version 5.6 and 7.0 are coming to the end of life in December this year. 7.0 on the 3rd December and 5.6 on the 31st December. If there was a security issue or vulnerabilities identified, no fixes would be made for these versions.
WordPress will run on older versions of PHP, so you may not know what version your website is running. You can check this in a number of ways.
- If you have wordfence installed, it will show you in Wordfence >tools> diagnostics
- You could install a simple plugin like Display PHP Version from the plugin Repository.
- Check in your CPanel to see if it is displayed or ask your web host.
What to do if you are running one of these PHP Versions
If your site is running on PHP version 5.6 or 7.0, it is recommended that you move to version 7.1 or greater. In most CPanel’s you can check which versions your web host supports and change the version yourself without needing to change your files.
If you do not have this option in your CPanel, contact your webhost support to find out.
Although I suspect highly unlikely, if they do not support anything above version 7.0 and have no plans to change this shortly, it may be worth looking at moving your site.
PHP Version Incompatibility.
Although WordPress files are compatible with PHP Version 7.2, some of your plugins and your theme may not be. You can check these with a plugin like PHP Compatibility Checker Plugin.
If it reports some plugins or your theme is not compatible, it might suggest that the plugin is no longer being actively managed and may be classed as abandoned. If this is the case it isn’t recommended running abandoned plugins and it could present security risks itself.
With WordPress not requiring any technical knowledge, I have suggested actions above that do not require manually creating/amending files.
It is always good practice if you install a plugin for a particular purpose, once no longer needed, remove the plugin.
If you would like to know other ways to check or amend versions please leave a comment below.