PHP 5.6: Support stops at the end of 2018

Security support for PHP 5.6 expires at the end of December this year. The function updates for version 5.6 were discontinued as early as January 2017. The support’s “end of life” date was postponed by one year because the script language version PHP 5.6 was proving to be extremely popular.

Millions of websites work with PHP 5.6

Dynamic websites use the scripting language to run a large number of their programs. Even if you use a CMS like WordPress or an online shop software like Magento, you usually need to have PHP installed on your server. According to a web technology survey by the company W3Techs, 61.4% of the 10 million largest websites use PHP 5 on the server side. Of these PHP 5 users, 41.6% will be making the most of the free security support (that comes with the PHP 5.6 release) until the end of the year. After that, they will no longer receive security patches.

If hackers discover a vulnerability in PHP, it can also be dangerous for websites running PHP 7.1 or higher – the main differences between the versions are their shorter execution times and optimized core. However, these PHP versions will continue to receive security updates until December 1, 2019 at least.

Outdated PHP versions are widespread

PHP 5.6 will no longer receive official protection from PHP.net as of January 1, 2019. Support for the newer – but less common – version PHP 7.0 actually expires a month earlier, on December 4, 2018. But that is only part of the problem.

W3Tech’s statistics also show that a large number of websites that use PHP 5 are still using older versions of PHP 5.6 in the backend and this is about to expire. 58.4% of websites running PHP 5 already pose a security risk. That’s 35.9% of all websites surveyed, about 4 million domains. In January, this figure will almost double if users do not update to a supported PHP version. Developers therefore advise switching to the latest version when it is released on December 13, 2018: PHP 7.3.

W3Tech’s statistics also show that a large number of websites that use PHP 5 are still using older versions of PHP 5.6 in the backend and this is about to expire. 58.4% of websites running PHP 5 already pose a security risk. That’s 35.9% of all websites surveyed, about 4 million domains. In January, this figure will almost double if users do not update to a supported PHP version. Developers therefore advise switching to the latest version when it is released on December 13, 2018: PHP 7.3.

PHP update: Yes or no?

The number of outdated PHP versions indicates that many website operators either don’t know that their scripting language isn’t up-to-date or are afraid of an update. If you are not sure which PHP version is running on your server, you can check it in the hosting provider’s control center. You will usually find a section for PHP settings there and the respective version will be displayed for all domains. PHP 7.1 or higher is currently recommended. Compared to PHP 5.6, dynamic websites load more than 100% faster.

A few clicks is all it takes to upgrade your version of PHP via your hosting provider. However, due to a lack of backward compatibility, errors may occur on the website. Operators with little programming experience and ready-made applications may then face a problem that they can only solve with an expert’s help. If you replace PHP 5.6 with the current version 7.2, you should always check the new version in a test environment before going live with it.

Tip

1&1 IONOS is one of the few hosts that also supports old PHP versions with security updates: with the PHP extended support, you decide if and when you want to update your PHP version.