The end is near! At least for PHP 5.6 and PHP 7.0. Why update? Why is there so much old PHP out there? How to establish an up-to-date mindset.
This is a long read, including background, philosophical questions and trivia on the topic. Do not expect code examples.
It’s about time. “PHP 5.6” is the last 5 version around and there will be no security patches from December 2018 on. Any new vulnerabilities will not get fixed any more. The same applies to the initial PHP 7 release, version 7.0. It was released in December 2015. The current version is PHP 7.2 and PHP 7.3 is approaching next.
See the officially supported PHP versions and their lifespans here.
As of September 2018: PHP 5 is still the most used version of PHP. Depending on whom you ask, you will get different answers:
Why the differences? Well, I believe W3Techs is just crawling the web sniffing the X-Powered-By header to get the version in use today. That includes all the public IPs with all the neglected websites out there. As this gives potential hackers information about the PHP version, it's common practice to suppress or fake this header, so maybe take this number with an extra grain of salt. WordPress is luckily a little ahead, as it is an active community of "web designers", with a big stake in the United States. And of course, Jordi with Composer is ahead, as those PHPeople are mostly "web developers" who care more about such things.
We and other develoPHPers are thrilled by the new PHProfessionality: Composer, Laravel — for us PHP really made the switch to a modern programming language. Still, PHP has a bad rep for being the Pretty Home Pages language — and that is also still true. PHP was and still is (besides JavaScript) the first web-native language to pick to create home pages. And many of those websites are still around. It’s all those tiny businesses and their semi-professional web designers. When you receive $200 to build a website for a restaurant, you are not likely to maintain it for the next 10 years.
And it’s the mass of shady shared hosting providers who are keeping the clients locked into long-term contracts and outdated versions. I can imagine that half of those PHP 5.6 websites could actually be switched off by now. But that’s not in the interest of the hosting providers; they are more interested in keeping them around.
Whatever the real number of old PHP installations on the whole internet may be, there will soon be tens of thousands of outdated and unprotected PHP servers out there waiting for hackers to take them over. Maybe we should all gather together and raise awareness of the situation so that more PHPeople wake up and update? What about a hashtag like **#uPHPgraded**?
Or maybe, even better, that’s a call to establish new business models? Imagine, what would you do with that army of zombie servers? Bitcoin mining or Facebook farming?
Keeping your own code and the underlying software dependencies up-to-date is more than just a good practice, it’s a requirement. On fortrabbit, we are in this together. We are responsible for keeping the infra up-to-date; you are responsible for the code you write and use. Updating keeps your code secure, fast and agile. Our clients are obligated to use up-to-date software by our terms under 4.13.
The up-to-date mindset requires some thinking ahead and discipline. Technical debt is the keyword here. Consider upfront that all the code you have out there will constantly need some attention and time.
It’s easier when you are both code maintainer and business owner, like with a start-up or as a freelancer on your own projects. It’s more complicated in bigger structures and in client-agency relationships. Make maintenance a topic early on and include it in your estimates. Raise awareness of the importance of keeping your software up-to-date. Reserve a time budget for that upfront.
I am very happy to see the PHP language under heavy development coming closer to shorter release cycles and even breaking some old habits. It’s alive. Let’s embrace change and move forward.
Originally published at blog.fortrabbit.com.