Today, PHP is used by almost 78% of all the websites whose server-side programming language we know. Popular websites such as Slack, Etsy, Wikipedia, WordPress, Mailchimp, Canva, Indeed, Investing.com, and others are powered by PHP.
However, in the coming months, many websites that fail to upgrade to the latest version of PHP 8 will be left running versions that are no longer officially supported. That said, make sure you are at least covered by backporting.
Usage of server-side programming languages for websites (source: w3techs)
PHP 7 EOL (end of life): Upgrade to PHP 8!
This slow uptake of PHP 8 will become a much higher priority upgrade for organizations very soon. In fact, PHP 7 loses active support next month and loses security support in six months!
Extended support for PHP 7.4 will end on November 28, 2022. After this date, applications will continue to run; however, those applications will be out of support and at risk of security vulnerabilities that remain unpatched.
In addition, after November 28, 2022, Microsoft will no longer support PHP, and mainly Unix-based distros such as Linux will be the OS supported by future versions of PHP and continued feature, quality, and security updates.
If you would like to upgrade to PHP 8 now, also read this: PHP 8 Compatibility Check and Performance Tips.
When enabled, the
expose_php parameter communicates to the world that PHP is used on the server. This php.ini setting also exposes which PHP version is installed as reported by the HTTP headers (for e.g., X-Powered-By: PHP/8.0.12). For best security, it is recommended that you disable this php.ini parameter.
Back in 2017, I wrote a similar article. Back then, the majority of PHP-based websites ran an aging PHP version, PHP 5. However, PHP’s extended support had around two years left.
Currently, this is not the case for PHP 7.4; and unless PHP developers announce an extension for their support for PHP 7, there’s sure to be a large chunk of unsupported PHP versions powering the web.