PHP is an extremely popular open source scripting language programmers and developers can download and use for free. In fact, approximately 42% of all websites on the internet are built using PHP today.
What exactly is PHP and why is it important to know if your site is using it or how it uses it?
PHP is a server-side programming language built up from the C programming language using specific HTML-like tags to contain its code.
Originally an acronym for Personal Home Page, today PHP stands for the recursive acronym, PHP: Hypertext Preprocessor, and while it is easy enough to use for coders who are just getting started with server-side languages, PHP is also strong enough to be the core foundation of popular sites like Facebook, Yahoo, and WordPress (or the sites built with WordPress).
With both ASP and PHP, the script is embedded within the HTML (language) of a webpage and contains instructions for the web server. Using PHP software enables a web server to understand and execute those instructions so the page can be transmitted to the requesting user (or web visitor).
PHP can do the following:
- Encrypt data
- Control user access
- Gather data from forms
- Produce dynamic content
- Change, delete, and add database data
- Receive and send cookies
- Produce, open, close, delete, write, and read files
As it is the case with any language, you find an evolution in the PHP scripting and definitions over time so keeping up with those nuances can be important. From small functionality challenges to larger security problems, evaluating and implementing updated PHP programming can be vital to website operations.
Why was it urgent to update to PHP version 7.3?
Earlier this year we learned of a significant updated to PHP. And, although it may not make strategic or financial sense for a Server Host to invest in the time and resources to upgrade servers every time there’s a new PHP release, this update was important. Ignoring critical updates can have significant consequences for a website owner/manager or server host.
While PHP 7.4 is now ready for release, many server hosts and CMS managers are just now slowly adopting to PHP 7.3.
Note: PHP 7.4 has actually been released but has not yet been incorporated widely enough into content management systems (CMSs), themes, and plugins to be safe for many companies to adopt.
Why it is important to adopt PHP 7.3 if you haven’t done so already?
PHP 7.3 became available on December 6, 2018, and will continue to be supported through December 6, 2021. Hosts like Siteground started adopting PHP 7.3 in 2019 because it was faster than previous releases. It beats the speed of PHP 7.0 by 31% and that of PHP 7.2 by 9%. It also includes new functionality and features that play nice with the increasing demands of new site designs.
Two other specific improvements in PHP 7.3 are the following:
- Better function calls with acceptance of trailing commas – Trailing commas, which are commas added to property, parameter, and element lists, make it easier to edit and read code. PHP 7.3 makes it possible to include these commas (allowed in grouped namespaces and arrays in previous versions) within function calls.
- Less rigidity of heredoc and nowdoc – The heredoc and nowdoc syntaxes have historically demanded that closing identifiers should be in a new line, as the first string. With this new release, there is no longer a new-line requirement, and indenting is enabled for the ending marker as well.
But, even more importantly, PHP 7.3 resolved a number of bugs, including security loopholes previously discovered in earlier renditions of the scripting language.
There are Three key benefits of keeping PHP updated on your server
These three high-level reasons to keep PHP updated essentially echo the benefits of PHP version 7.3 mentioned above:
1.) Improvements & New Features
New releases of software include refinements and additional features such as better error handling.
Speed is critical to great user experience (UX). It will help you enhance the effectiveness of your site by improving visitor retention. The average time spent on the page rises with speed. Bounce rate decreases when pages load quickly, and conversions grow with better page load times.
As an indication of how much users care about speed, Firefox saw a 15.4% rise in downloads of its browser when they sped up their landing page by 2.2 seconds.
You will also get better rankings in the search engines. Google uses speed as a factor in ranking sites, for example. Not only will Google reward you if your site is faster; but also, if your site is slow, the search spider will not crawl as many pages of your site — which means you will not have as many of your pages indexed.
Last but not least, you safeguard yourself again intrusion by staying updated with PHP and any other software. Older versions that are no longer supported are more vulnerable to attack.
PHP is only supported through the end of its lifecycle which lasts approximately three years. There is ‘active’ support for a period of approximately two years following the launch of a new version. Security support then extends beyond that for a year or two. Beyond this, it is no longer secure to use a version of PHP once it arrives at end-of-life because there are no new updates released.
It is extraordinarily costly both to your reputation and finances if your site is hacked. Those costs can be avoided when you stay updated and secure.
Why would you want your host to keep backend software updated?
To understand the importance of updating software, simply look back a few years at the massive Equifax data breach which impacted 143 million people. A large part of the reason the credit bureau came under such heavy fire at the time was because there was a new software release available but Equifax failed to make the update. The security vulnerability was known to the hackers (and to the security community), and all they had to do was exploit it.
Programs who have not been properly updated are the target of a lot of malware. Stability and safety of software is highly dependent on updates. And, there’s a timing factor involved.
Updates are not just about data protection, of course. They are also about enhancing UX (user experience), through speed and new features — and this can affect visibility of a brand’s website. It’s just ONE of the reasons Back2Basics offers a variety of WordPress maintenance and security solutions through its licensed solutions and trusted industry partners.
Not so fast! There’s a reason why PHP updates shouldn’t be immediate.
While consumer software updates should be applied immediately, backend updates should wait a bit. SiteGround has been strategically rolling out updates of the 7.3 PHP version since late 2019, but the update was released in late 2018. The host explained why it has long made PHP 7.3 available to its customers while not making it the default version across all servers.
SiteGround noted you want to wait until the website software of the majority of web hosting clients is compatible with the new version. WordPress quickly responds and becomes compatible when a new PHP version is released, but it takes a while for developers of themes and plugins to follow suit. If a plugin you have installed on your site has not yet been updated for compatibility with PHP 7.3, your site may stop working correctly.
Finding balance and weighing the pros and cons.
Hosting companies who specialize in WordPress, like Siteground or WP Engine, understand the need of this balance and how to walk that fine line. It’s a timing thing – and you have to weigh the pros and cons of when and how to make the implementation of such updates standard.
When the majority of the plugin and theme developers are on board, it’s important to encourage the change sooner than later to avoid other potential challenges in site functionality and server security. Delaying an update because of the inconvenience to a few or the cost associated with the time and man hours to implement the change could have costly implications for other site owners on a server; as was the case with some other server hosts who put off this move to PHP 7.3 until recent days and others who have yet to make the move (as of 10 Mar 2020).
One such problem with poor time management is currently happening with a popular domain reseller and website host who is still housing a large number of sites on servers running ‘outdated’ PHP. Now, with a couple of WordPress releases published and compatible with currently available PHP code over the past few months, site owners on this particular host’s servers are still unable to update their WordPress files because its code and files are not compatible with the PHP currently installed on these servers.
Because WordPress cannot be updated, some site owners are running into design and functionality challenges due to cascading event where theme files and plugins are now also outdated or incompatible with WordPress. And, in some cases, the inability to implement updates have left the sites more vulnerable to potential malware or hacking. It’s important to understand these vulnerabilities don’t stop with the effected site owner – they can affect any site hosted on the same server of the effected site if a hacker can find and exploit an entry through their code to the server.
- PHP 7.3 has better security than previous releases.
- It is significantly faster.
- It has new features, such as better flexibility of heredoc and nowdoc syntax, as well as the ability to use trailing commas within function calls.
- What’s more, PHP 7.3 is now far enough past its release date to have been widely incorporated into content management systems (CMSs), themes, and plugins.
Is your site running slow? Is it having functionality challenges? Do you see spam coming from your site?
When is the last time you ran updates on your WordPress, theme files, plugins or form software? Do you think your site might not yet have updated to PHP 7.3?
Back2Basics can help WordPress website owners manage the tedium of routine maintenance tasks and security monitoring. See our approach or contact us for more information today.