Skip to main content

WordPress & PHP 5.2

It’s a love/hate relationship between WordPress and PHP that lately seems to be heated up due to still the minimal version being PHP 5.2. Specially plugin developers want to push the required version higher even though the stats show it’s a risky thing to do. In this posts I want to highlight some things to make it a bit clearer for people why it is this difficult. Not only for WordPress but also for hosts. Due to my experience working at a host and talked with a lot of them during the years I believe I can show some insights why this is the case that you maybe don’t have.

Should WordPress update

The simple answer would be no. The current state shows that 12% of the users still using PHP 5.2. If we include all out of date versions then it would be 83.4% of the users. This because since 14 Sep 2015, PHP 5.4 is also End Of Life. If WordPress want to move to PHP 5.5 a lot of users will have to deal with it. Also due to changes like switching to MySQLi in PHP 5.5 issues can easily pop up by people doing mysql_*() calls in their plugins. I believe finding ways to move to 5.3 and then 5.4 is the best way. Reason is that you group people in moving. Go directly to PHP 5.4 would mean a bigger group.

Should hosts force update

The same reasons as WordPress can go here. It’s not as simple that a host should update their PHP version since most of them already did. See http://phpversions.info/ for some of the recent information. If you look at the table you see that a lot of hosts support multiple versions. They kind of expecting/hoping customers will update to a more recent one. Also you see that several hosts already have PHP7 beta/RC in some way. And the list isn’t even complete.

The reason why it’s the same reason as WordPress is that, specially for the bigger hosts, the numbers for PHP 5.2 users are to high. Some hosts have 10/100 thousands of customers running this version and killing it would mean broken sites and a huge increase of support tickets. Even more crazy is the some hosts still have plenty of customers running PHP 4.4. For them I can say, please kill that version and see what happens when moving them to a higher version and learn from that experience.

Also for hosts it’s really tricky with a lot of older versions of WordPress, Joomla etc. Which could break when running 5.5. People could have used functions that got deprecated in 5.3 and removed in 5.4. I have seen multiple cases that this happened. Most of them were custom build sites that can’t be updated with a press on a button. And then you have all those customers who expect help from their host in updating their PHP.

So host need to find ways to push customers to newer version in a good way without to much breakage at a certain time so that their support can still handle the support requests. Also PHP 5.2 doesn’t have to mean that security issues aren’t patch. Some host still do this themselves but I don’t have any real data to back up in how they do this.

Work Together

Since the issue isn’t that easy to solve, it’s really important that we all work together. Pushing the version on both sides can result in negative effect on the other side.

Scan tool to check breakage

Checking which plugins on WordPress break on the latest PHP versions and hide them would be a great way to help out users in selecting their plugins. Also for developers to see if they can improve their plugin. Having this as a general tool would even be better so that even hosts can scan their customers projects to see breakage it advance.

Setting a date

I still believe in setting a soft date on when to move to PHP 5.3/5.4 would be a good thing to do. Obviously this shouldn’t be set by WordPress but by the PHP community which WordPress and all the hosts are part of. Having a date where the majority agreed on would make it more obvious for the customers that the move is needed/required. It also doesn’t mean the date is set in stone but more a guideline where to focus on.

Conclusion

I hope I made it clear that not only for WordPress but also for hosts it’s really tricky do force their customers to a newer version of PHP. If still a large number of your customers running PHP 5.2 then the only thing you can do is to push them bit by bit to update their PHP version. I guess the thing that is missing is that the customers aren’t rewarded to make the update. They think why all the hassle if my site is still working.

If you like more reads about it then checkout ticket 33381 which shows the current discussion. Curious enough, when moving to PHP5 there wasn’t much discussion on ticket 16917 though there were a few tickets about added a nag which always got closed as wont fix.

I have heard there were quite some issues then when stop supporting PHP 4.4 and those issues are now again. Moving from PHP 5.2 to 5.4/5.5 is much more of a pain then moving from 5.5 to 7.0. Though there are changes, they are less more likely to break things.

One Reply to “WordPress & PHP 5.2”

  1. Mark Hamstra -

    The last minor release of MODX (2.4) increased the minimum officially required version from 5.1.1 (!!!) to 5.3.3. This was accompanied by a dashboard configuration checker widget (and an update check in the installer coming in the next patch as that was overlooked, oops) that warned users they were using a really old version of PHP.

    There have been a couple of people that had issues after the upgrade (partially because the missing check in the setup that didn’t stop them), but all in all it’s mostly gone unnoticed to the vast majority. I’ve spoken a few people that had the issue, and they either didn’t realise they were on 5.2 or they knew they did but hadn’t made time to upgrade yet. Net result is that people upgraded their servers (as you hint at, in many cases simply by toggling the version in the hosts control panel or adding a line in the .htaccess).

    WordPress is a lot bigger than MODX and there are a lot more novices in the community too (the MODX community is primarily made up from web developers and designers), so there might be a bit more resistance and need for better communication when such a change is made in WordPress.

    In my opinion, WordPress has the opportunity to trigger a lot of people to look at their host to update their servers. While there may be some that have a real reason they can’t upgrade, most of the people probably just don’t know they’re on an old version, or just haven’t made the time yet.

    Maybe WordPress could start by putting a warning on the dashboard informing the user they run old and insecure software, and then up the minimum to 5.3 in the next minor release?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *