Updating PHP is everyone’s responsibility

The number one remark I heard when I launched WPupdatePHP, is that users shouldn’t be bothered with this. In an ideal world, this is true, but in reality this isn’t going to stand for long. Allow me to explain why:

  • The core WordPress team can’t get every single hosting company to comply. I admire their intentions, but in reality this is not going to help everybody.
  • At the time of this writing, PHP 5.4 is actually already nearing its EOL date and we’re still figuring out how to make PHP 5.2 and 5.3 platforms go away…
  • The end user is one of our most important, but underestimated, assets in this battle. They have the strongest voice in this all.

Okay, that’s the tl;dr and now in a bit more detail:

The core WordPress team can’t do it all

I know the WordPress core team is working really hard to get webhosting companies to update their PHP versions and I agree up to a certain level that this is the best way. It’s not the only way though. The core team won’t be able to contact each and every single webhosting company in the world, so they are basically just getting the largest names in the webhosting scene to cooperate.

This will help lower the percentage of PHP 5.2 and 5.3 users out there. There still will be people on older PHP versions who are caught out and without them knowing what is going on, nothing will change for them. In my opinion it is inevitable to let users know their website runs on PHP versions from the stone ages. It’s admirable that WordPress wants to do this without bothering her users, but I think that’s impossible.

It’s not a one-time effort

Have a quick look at the supported PHP version list and specifically at the date PHP 5.4 will no longer receive security fixes: 14 Sep 2015.

Yep, in six months we’ll have this same issue all over again. As soon as webhosting companies have finally finished off their PHP 5.2 and 5.3 environments, we can start this whole campaign all over again to get rid of PHP 5.4. And so on. This is not a one-time effort and therefore it requires involving end users.

In that same list, I hope you have seen that PHP 5.4 is actually only receiving security fixes for 5 months already? So the efforts to get people on PHP 5.5 and higher should already be in full motion.

WPupdatePHP is designed to shift the focus from getting on PHP 5.4 now, to require even higher versions in the future. While the big step we need to take now is to get away from PHP 5.2 and 5.3, this should only be just the beginning of a brighter future for WordPress and PHP.

End users can have a massive impact on this all

Even if they are not technical at all, in most cases it’s one email to the hosting company to get their PHP version updated. When a customer of your company asks you why the hell he is still on a potentially insecure version of PHP that is unsupported for years (literally), you better have a good answer, right? Or even better, you have the tools in place to get them on a more recent version of PHP right away. If you don’t, you’ll lose business.

This can only happen when the end user is aware of what’s going on in the hosting platform they use. Honestly, I think it’s a very bad practice for webhosting companies to keep their users on these old PHP versions. It’s even worse that WordPress still supports these versions. I want to make a change and start forcing users to contact their webhosting companies when they are on old PHP versions.

It’s been long enough, I choose to act now

Don’t understand me wrong, I like what WordPress is doing to get these requirements bumped, but I think it’s not enough. I disagree on the fact that users shouldn’t be involved in this. It’s easy enough for users to request their hosting platform to be upgraded. If their request isn’t heard, they should find a better webhosting company.

At the same time I’m enabling plugin developers to bundle the WPupdatePHP library so they can bump their PHP version requirement. A lot of people are backing this idea and the first plugins who have actually made the move to PHP 5.4 are already showing (prime example is the Twitter plugin, it also includes a notice to end users that their PHP version doesn’t meet the requirements).

It’s been long enough, I choose to act now.