We’ve written before about the upgrade cycle from PHP5 to PHP7, and believe it or not, PHP8 is due to be released this week on Thanksgiving Day. As a site owner, you may be wondering how this affects you. Just under 80% of websites are scripted using PHP, which includes the most common content management systems like WordPress, Drupal, and Joomla. Of those sites running PHP, more than 40% are still on version 5; if that includes your site, you have more significant problems and should get your site updated to PHP7 as soon as possible.
What Does This Update Mean?
PHP is a programming language installed directly on your server; for the most part, you probably do not interact directly with it, but your content management system and other software on your site rely on it to work. As new versions of the software are released, you or your web host need to download and install the updates as you would any other type of software. Most PHP releases are minor updates that fix small bugs or patch known security vulnerabilities and are broadly backward compatible. We’ve said before that while front-end frameworks change frequently and follow trends, the typical backend stack that includes PHP moves at a more deliberate pace, and you generally don’t need to worry about whether an update will negatively affect your site. But major updates that come along every few years are the exception that proves the rule.
Major updates, particularly new branches like the jump from 7.x to 8.x, are different stories. These releases incorporate new features and techniques that broaden and improve the functionality of the underlying software. They also can remove functions that were supported in previous versions, usually for security or performance reasons. For example, PHP 7.x ran far more effectively than its immediate predecessor, and most sites that we upgraded saw a noticeable boost in speed. However, some (older) sites needed to be partially recoded to work on the updated version of PHP.
Should You Update?
The answer to this question is yes, but not yet.
We’ll address some of the specifics below, but PHP 8.x does include some significant improvements that should make it more efficient and secure. One of the most notable new features is the incorporation of Just in Time compiling (JIT). Not to get too technical, but JIT watches your server for code functions that repeat frequently and “preload” them to save time and computing resources. There’s little evidence that this will have a noticeable impact on the typical website (at least not immediately), but JIT has done wonders for other scripting languages, and we can expect that this will allow for new possibilities that were not previously feasible on PHP.
PHP8 also removes some previously supported functions in a bid to make the language more secure. Whereas PHP has historically been highly fault-tolerant (meaning that it prioritizes making sure that the code runs even if it finds small errors or warnings), the downside has been greater vulnerability to security threats. The newest version of PHP cracks down somewhat in throwing errors for faults that may have previously rated only a warning and so on. The functions that will no longer tend not to be in heavy circulation (and were already deprecated on PHP7), but if your site is older, you may need to refactor your code to make it PHP8 compatible.
The first thing to know is that you have time. While PHP 8 comes out this week, you can (and should) wait to do anything. PHP 7.4 came out one year ago, and the PHP community will continue to support and improve it (by fixing bugs) for another full year (November 2021). From there, you’ll have another whole year (November 2022) where security issues will continue to be patched for that PHP version. This is called “End of Life,” and you almost certainly want to complete your update before then; any sites remaining on PHP 7.4 are on their own if a security vulnerability is discovered.
Within that two year range, our recommendations depend heavily on your particular situation. If you use an off-the-shelf CMS like WordPress, the platform itself should do most of the work. All of them are already reviewing and testing their code on PHP8, and you can expect that they will announce when it is safe to upgrade your site (and for which WordPress versions). As of now, they plan to support PHP 8.0 as of the next scheduled WordPress release (5.6), which is due on December 8. If you are on an older WordPress branch, you may want to consider completing your WordPress updates first before making PHP updates.
As a secondary but more salient issue, you’ll also have to evaluate whether the plugins that your site depends on making use of any older PHP functions that are no longer supported; while the most popular plugins are sure to have this on their radar, older plugins that are no longer receiving ongoing support may have to be abandoned.
If you custom built your site or PHP application, now is an excellent time to raise the question of PHP 8.0 support with your developer while you still have plenty of time to address it. Sites built over the last several years on PHP 7.x should upgrade without significant issue, but older sites may require significant redevelopment (mainly if they use functions that were deprecated on 7.x but are still technically working).
How We Can Help
Our current clients can be sure they will hear from us over the next year to discuss our plans for upgrading their site to PHP8. If your site runs on PHP and you’re not sure what comes next for you, we can evaluate your current site and help you come up with a plan to bring your site software up-to-date. Reach out for more details and to schedule a consultation.