Using an outdated version of WordPress core, plugins, or themes puts your site at risk. PHP is no different.
While WordPress technically works with some older versions of PHP, you’re sacrificing performance and compatibility, while opening yourself up to security vulnerabilities by using these.
For safety and stability, always aim to use the WordPress recommended versions of PHP.
In this post, we’ll talk about how to check what version of PHP you are running, how to update your PHP to the recommended version for WordPress, and how a capable hosting provider can take care of these elements for you.
Jump Links for this Article:
If you look in your WordPress site folders, you’ll see a lot of PHP files.
Since PHP powers a bulk of the core WordPress software, it’s a highly essential language for the WordPress community.
PHP runs on various platforms (Windows, Linux, Unix, Mac OS X, etc.), and is compatible with almost all servers used today (Apache, IIS, etc.).
Not only is it a major part of WordPress, but a major part of the whole web, powering 70% of all websites.
WordPress supports many versions of PHP, some even obsolete, but as a general rule you should use only those with security or stable support.
PHP has to be updated on a regular basis, just like WordPress core, themes, and plugins.
With PHP, each version receives support for two years after its initial release, then there is a period of another year where only critical security updates are released, as needed.
After this three year period, that version of PHP is no longer supported.
As of July 2021, the current recommended PHP version for WordPress is 7.4 or greater.
Quality hosting providers will generally require you to use the WP recommended version of PHP in order to use their servers, and will help you modify your site to ensure that the latest version of PHP will not break it.
For example, we’ll refer to ourselves (hey, we’re proud of our hosting!). WPMU DEV Hosting provides your site(s) with the latest sanctioned PHP versions.
Upgrading (or downgrading) to various versions is a simple process, done through our Hub 2.0.
Occasionally, some third party plugins may be out of date and cause issues with the latest version of PHP.
In that case you can look for updates, alternatives, or if necessary, downgrade your PHP version to an older one (as long as it’s still actively supported with security patch releases).
Click here if you’re interested in our full documentation on PHP through managed hosting in WPMU DEV.
Puny Helping (of) Pie — A miniscule 0.7% of sites use the most recent version of PHP, while a minimal 36.6% use the recommended version of PHP.
Sometimes, less reputable, cheap hosts will not take the initiative to encourage you to upgrade your PHP because of the additional cost of support time and resources to help you transition.
Since they don’t want to break your site by updating to newer, recommended versions of PHP, they’ll often leave your site to use outdated versions of PHP and hope it goes unnoticed.
PHP 7.2 made its debut in November 2017. Considering the three year rule, we know it reached its End of Life cycle in November 2020 (as well as the even older PHP versions prior).
This means more than one-third (37.2%) of WordPress sites are currently running versions of PHP that are no longer actively supported.
That’s not the worst of it. Historically, there have been extended periods of time where that number has hovered at and even exceeded two-thirds (66%)! This is problematic for several reasons.
For one, there are tremendous performance benefits that come with using the latest version.
According to speed tests conducted by Kinsta, across 7 versions of PHP, consider the following stats:
PHP versions show demonstrable speed differences.
You can see from the above table that with each newer version of PHP, the requests per second get incrementally faster.
Since using the recommended version of PHP takes less time to serve the same number of requests, you can give your visitors a much better user experience.
Kinsta also tested on PHP version 8, and I did want to note the scores for it, as the improvements in speed really continue to trend upwards.
With a benchmark result of 233.40 requests per second, PHP 8.0 takes a giant leap over PHP 7.4, proving to be 18.5% faster.
Step back a few more versions to 7.0, and it actually handles 50% more requests per second, comparatively.
I didn’t include PHP version 8.0 in my chart, because its support in the general WordPress purlieu is very difficult to assess. (WordPress 5.6 is presently considered beta compatible with PHP 8.0.)
Knowing this, please proceed with caution and do thorough testing before upgrading any crucial or client sites to PHP 8.0.
Maintaining code takes effort, and that effort is multiplied when you need to ensure backward compatibility for additional versions.
There is a collective sigh of relief among overworked theme and plugin developers whenever WordPress bumps up the minimum recommended PHP version, effectively knocking another obsolete version (and all of its associated coding efforts) off the table.
Rather than spending time parsing through the code to ensure that any changes to PHP do not affect it, developers can spend their time adding new features or improving security instead.
Just like plugins, themes, and WordPress core get updates to fix security vulnerabilities, so does PHP.
This is also why using a PHP version that still gets updates is so important; it protects you from vulnerabilities such as SQL injection, XSS and DoS attacks.
According to security vulnerability datasource CVE Details, there were only 2 known vulnerabilities found in PHP in 2021 YTD.
Compare this to the 14 vulnerabilities discovered in 2020, the 23 noted in 2018, and the 105 found in 2016, and you can see why updating can help protect you from many known security exploits.
Number of vulnerabilities per PHP in a given year.
It’s a matter of fact that some hackers look to see what version of PHP you’re running to determine what kind of attack would be effective.
The first step in compatibility is knowing what version of PHP your site is using.
You can easily see this information right within the WordPress dashboard.
Go to: Tools > Site Health > Status.
If your site should be using a newer version of PHP, it will be shown under recommended improvement.
If it is, then open the passed tests section to verify. You’ll see that it says Your site is running the current version of PHP, followed by the version number in parentheses.
The WordPress dashboard Site Health screen reveals your PHP version.
Alternately, you can go to Tools > Site Health > Info > Server from your site Dashboard, to see what version of PHP you’re using.
WP dashboard settings to view PHP version info.
Once you check to see what version of PHP your hosting server is running, you’ll know if you need to upgrade to the latest version of PHP.
If you do, checking your site’s compatibility with the new version of PHP is imperative. You never want to test major changes like updating your PHP on your live site, because if there are major incompatibilities, you could seriously impede or cripple your site.
For this reason, it’s ideal to create an alternate site where you can test your changes first.
Start by getting a copy of your current site. You’ll need all of the files and a copy of the database.
In some instances, you may be able to use your last backup, if your backups include both the files and the database.
You could lessen the load by using a plugin made specifically for this task. Duplicator is a free plugin offered on WP.org that has positive reviews.
If you want the most streamlined, painless process for duplicating your site, and you’re already using WPMU DEV as your hosting provider, it’s your lucky day!! Cloning is already a part of your membership!
With a few simple points and clicks through our Hub 2.0, you’ll have fully configured, deployment ready WP Sites in mere minutes.
Not already hosting with us but want to get on the bandwagon?! No problem, just click here.
For more details, see our documentation on cloning sites through WPMU DEV hosting.
Once you have a copy of your site, you’ll need to set up a testing environment. You can either use a local environment or set up a staging environment if your host allows it*.
We have a great post on how to set up XAMPP on your local computer if you need help setting up your local environment.
Once your testing environment is set up, you can add the files and database from the previous step to your testing environment, so you have an exact replica of your live site.
After you have a copy of your site in your testing environment set up, you’re ready to upgrade the PHP version of your testing site.
*Hosting through WPMU DEV includes the ability to create a staging environment, and it is a breeze to do. Click here for details.
Now comes the fun part, and by fun, I mean the tedious task of QC-ing.
You’ll need to go through your test site to make sure that nothing is broken.
Pay careful attention to the critical functionality of your site. Check out processes, newsletter signups, comments, web forms, navigation, and all of the other elements that contribute to expected usability and visitor engagement.
You want to catch any issues before they have a chance to wreak havoc on your live site and cause a bad user experience for your visitors or clients.
There are some tools that can assist with the QC process, for devs and non-devs alike. Any issues discovered that are outside your scope of knowledge can be intelligently relayed to support.
Error Log Monitor – This plugin will display a list of PHP issues as an error log in your WordPress dashboard.
WP_DEBUG – Not a plugin, rather a PHP constant (aka, a permanent global variable), this can be used to trigger debug mode throughout WordPress.
Turning on WP_DEBUG will allow you to see the PHP failure types so that you can fix them in your code. It also allows you to see any deprecated functions that are running on your site (ie, those that exist in WP but are no longer the standard way to perform a particular task).
To turn on debugging, head to your WordPress install files, open the wp-config.php file (located in the root directory), and add the following line of code near the bottom:
If that line of code already exists but says false, change it to true.
Make sure this code line in PHP matches the one in your file.
Check out this article from our blog, for a more indepth look at using WP_DEBUG.
If a plugin or theme is causing issues, work out the issue first on your test site, and find a suitable alternative that is compatible with the latest version of PHP.
Once you’ve found a solution, head over to your live site and make the changes there.
PeeHP the supported version when considering plugins for your site.
When you’re looking for a suitable plugin in the WordPress repository, remember to check what versions of PHP are supported.
Once you’ve worked through all of the bugs and kinks with compatibility, you can either push staging to live, or make any necessary changes to the live site, and then change the PHP version on your live site.
This process will vary from host to host, but will most likely involve changing a setting in your hosting cPanel. Some shared hosts will not let you access this setting, in which case you’ll need to reach out to them for assistance.
Here’s a list with instructions on how to update the PHP version for a collection of popular hosts, including WP Engine, Pantheon, Kinsta, Pagely, Bluehost, Hostgator, GoDaddy, and more.
Hosting with WPMU DEV includes our Hub interface, which greatly streamlines changing your PHP version.
Accessing PHP settings via WPMU DEV’s Hub.
If you prefer a simple solution with a clean UI for checking or updating PHP versions, give WPMU DEV hosting a try, and take one more task off your plate.
Would you rather be in a Pretty Horrible Position, or a Professionally Happy Place? Rhetorical question… I really just wanted to play with that acronym. 🙂
Cheap, shared hosting has convinced a lot of people that hosting websites is a simple and straightforward process. The truth is, there is a lot that goes into maintaining your site files and database.
Keeping all of your software up-to-date is one of the tasks that your host can and should help you with.
If they’re unwilling to help you, or hide versions to keep you in the dark, that’s a red flag that you can do much better, and should seriously consider switching hosts.
At WPMU DEV, our hosting (backed by Digital Ocean) leads the industry in value.
Not only do we help you update your PHP version, we also provide a big ole goody bag of features, such as security, caching configuration, uptime monitoring, dedicated IP, nightly backups, free & automated migration, website analytics, and more.
If you ever need help on compatibility issues with your themes or plugins, or have questions about anything WP, our top-rated support team is ready to jump in and assist, 24/7.
Also, every hosting plan is covered by our full 30-day money back guarantee (we’ll happily refund 100% of your money if you decide you don’t like it).
Whether you host with us or elsewhere, keep in mind how much value your host can and should provide.
Choose a company you can trust to take care of those automation and update tasks, like keeping your PHP version current with WP recommendations.
Don’t let subpar hosting steal your focus. You should be able to devote your time and energies to the finer details; making your sites shine with the talents that set you apart from the competition.
Permanent link to this post here