So your website has been running perfectly fine for all these years but now WordPress is suddenly throwing a warning on your dashboard “WordPress has detected that your site is running on an insecure version of PHP.” How can this be fixed?
What is PHP?
At the very early stage of internet and websites there were mostly static websites built with plain HTML. I still remember building one of my first websites the old school way and boy, things have changed so much over the years! In order to make websites more interactive, faster, and to be able to drive more applications, PHP and ASP were created. PHP is more used than ASP, mainly because ASP runs from a Windows server only.
The term PHP stands for Hypertext Pre-processor but originally stood for Personal Home Pages. It is installed on most Linux based servers and can also run on Windows servers. It is mainly used (but not limited to) for running applications that are connected to a database, such as WordPress, Drupal, Magenta, etc. PHP is basically a compilation of multiple classes and filters (called libraries) which can be individually switched on or off. For instance PhpZip, Imagemagick, etc. So if it is not possible to extract (unzip) a file in WordPress for example you may want to look into installing the PhpZip library for your PHP version.
How Do I Know Which Version Of PHP Is Installed?
Strange enough the WordPress PHP warning does not tell you which version is actually running on your server. There are various ways of checking this; log in to the control panel of your server and check the PHP selector, uploading a PHP info file to your main directory, but probably the simplest way is to install a plugin from the WordPress repository. After installing this plugin the PHP version will be printed in your WordPress dashboard.
Why Does WordPress Tell Me To Update PHP?
Simply put: It is a potential security issue. Older versions of PHP will not be maintained and therefor create a security issue. Newer versions also include updated coding, speed improvements, and new tools. Since WordPress is always in motion and keeps a close eye on security and implementing new features, it will remove or update certain PHP codes from the source files. So when this happens your website that is running on outdated PHP cannot be upgraded anymore and can potentially break. This will happen slowly or suddenly but it never comes at a good time.
The current version of PHP is 7.4 and you should at least update your server to version 7.2 for security and compatibility reasons. When your website is still running on PHP 5.6 or lower it won’t take long before error messages will start to appear.
Do I Need a New Website When I Get A PHP Update Warning?
This will be a good sales pitch but that is not how we roll. In most cases your existing website can be updated to be compatible with the newest PHP release. That if you have been treating your website with some Tender Loving Care over the years. Regular website maintenance is key for longevity, code compatibility, and will most likely reduce the bill for upgrading PHP if you hire a professional to do this job for you.
So you don’t necessary need to invest in a new website but if you haven’t been updating the technical components of your website for five years or more you probably want to look into how cost effective an upgrade is in comparison to a website makeover. And even so, if your website was developed in a solid WordPress framework such as Genesis or GeneratePress for instance, there might be light at the end of the tunnel. Most problems occur with off-the-shelf templates that are abandoned by the developers after some time.
Can I Update PHP Myself?
Potentially you can, just like I can probably fix my car instead of going to a garage. There is a certain risk involved, especially if you haven’t been updating the plugins, WordPress core and your theme files on a regular basis. And still things might break. That is not really fair now, is it?
And if you decide to take this task on yourself, please make sure to create a full backup of your website and database before doing anything else! This is the most important step, even if your website is all up to date. Just do it! A full backup of all your files will give you peace of mind and the power to revert in case something happens. So let’s put this in a checklist for you daredevils:
PHP Update Checklist
- Check if your hosting provider has a new PHP version available. You can check this in your Cpanel or Plesk PHP Selector. Of course you have more options if you have a (semi) dedicated server where you can install applications via SSH.
- Create a full backup of your website and database and store it somewhere save.
- Not mandatory, but very handy to have: If you have access to a second hosting account you can duplicate the website on a server where you already have the newest version of PHP running. This will allow you to test the website without interfering with the live website.
- Check if there are any other websites or (sub) domains running on the same server. A PHP update will apply to all websites on the same server / control panel.
- Make sure to update all plugins, WordPress core, and template files.
- Check when plugins were last updated by their developers. When a plugin does not show that new updates are available it could also mean that the plugin is not developed anymore. You want to check when the plugin was last released and if it is compatible with your version of WordPress. The same goes for your template. And do this for all the websites on the same server.
- Log in to your hosting account and go to Cpanel, Plesk, or log in with SSH and update PHP. You can find the PHP selector in your control panel or use SSH to upgrade PHP via command line.
- Test your website. Everything! Forms, eCommerce, Media Gallery, etc. Did nothing break? Great job!
I Am Scared To Update PHP Myself, Please Help!
Updating PHP is not without risk so make sure that you have a backup plan when something fails. This is not a task that you particularly would like to do yourself if you don’t feel comfortable and are afraid to break your website.
Do not hesitate to reach out in case you need our assistance with this daunting task. We have helped many web admins and have the resources at hand to test your website in a PHP 7> environment without interfering with the live website. We will start with taking a look at the current status of your website and then provide you with a honest quote. You can then decide if you want to go ahead or give it some more thought. It is that simple.