Nothing like a looming data security crisis to start your week, eh?

PHP support not found: Roughly 62% of the internet is a sitting duck in 10 weeks

Jane Elizabeth
© Shutterstock / AjayTvm

PHP is a cornerstone of the modern internet, with 80% of sites using it. Now, as the end of life for PHP 5.x version gets closer and closer, a whopping 62% of the internet is estimated to be vulnerable to looming security issues.

Nothing like a looming data security crisis to start your week, eh? It turns out, if you haven’t updated your PHP version in a while, you could be in for a bad 2019. Roughly 80% of the internet uses PHP, which is fine. What’s not fine is how absolutely no one has upgraded past a 5.x version.

According to W3Techs, around 62% of websites on the internet still use a 5.x version. You know, a project release that initially came out in 2004.

While it’s impressive that a 14 year old release is still used widely, it’s time to upgrade. This isn’t a suggestion, by the way. As of December 31, 2018, PHP will no longer provide security support any 5.x versions. So, any website running an old version of PHP will no longer receive security updates for their server and website’s underlying technology.

“If anyone finds themselves running PHP 5 after the end of the year, ask yourself: Do you feel lucky? Because I sure wouldn’t,” said Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise.

SEE ALSO: How to prevent and react to cybersecurity threats

A ticking time bomb for PHP

This looming security crisis hasn’t come from out of left field; the PHP community has seen this clock ticking down for some time.

PHP end of life schedule. Time is running out!

PHP 5.6 was the most widely used version back in 2017, just when its end of life had just arrived. So, they decided to delay the official EOL, in the hopes that new users would upgrade to a newer version.

That hasn’t happened.

Of the three biggest website providers — WordPress, Joomla, and Drupal– Drupal is the only one to make moves and adjust its minimum requirements to PHP 7. Unfortunately, that move is scheduled for March 2019.

As for the other two, Joomla’s minimum requirement is PHP 5.3 and WordPress’ minimum requirement is still PHP 5.2.

WordPress is used for more than a quarter of the world’s websites – including this one. Having widely popular yet unsupported branches for a major internet presence is just asking for problems down the line. After all, ransomware hacks like WannaCry happened after Windows XP support finally ended.

SEE ALSO: How intent breakdown caused Meltdown and Spectre

What can you do to keep your system safe?

Upgrade, upgrade, upgrade. Upgrade your website, your libraries, your server platforms, and everything you can think of. PHP 7.x is a fine replacement. You shouldn’t worry about moving on up.

This is more pressing than you’d think, thanks to the GDPR. What’s more expensive, spending the money now to upgrade your site or wait until you’ve been hacked and maybe pay 4% of your revenue in fees? This definitely falls under the “an ounce of prevention is worth a pound of cure” category.

So, don’t delay. You only have until New Year’s Eve to get this all sorted. Best hurry on over to PHP and upgrade today! Now, if you don’t mind me, I’m going to call our developers and doublecheck we’re not sitting on a ticking time bomb.

Jane Elizabeth
Jane Elizabeth is an assistant editor for

Inline Feedbacks
View all comments