78% of the web powered by PHP, 1% on PHP 8

Today, PHP is used by almost 80% of all the websites whose server-side programming language we know. Popular websites such as Slack, Etsy, Wikipedia, WordPress, Mailchimp, Canva, Indeed, Investing.com, and others are powered by PHP.

However, in the coming months, many websites that fail to upgrade to the latest version of PHP 8 will be left running unsupported versions.

Usage of server-side programming languages for websites 2021
Usage of server-side programming languages for websites (source: w3techs)

 

PHP 7 EOL (end of life): Upgrade to PHP 8!

PHP 8 percentage of websites

PHP 7 was released back in 2015, and 68% of PHP-based websites still use PHP 7. Meanwhile, PHP 8 was released in November 2020, yet only ~ 1% of PHP-based websites currently use it!

This slow uptake of PHP 8 will become a much higher priority upgrade for organizations very soon. In fact, PHP 7 loses active support next month and loses security support in one year!

Extended support for PHP 7.4 will end on November 28, 2022. After this date, applications will continue to run; however, those applications will be out of support and at risk of security vulnerabilities that remain unpatched.

In addition, after November 28, 2022, Microsoft will no longer support PHP, and mainly Unix-based distros such as Linux will be the OS supported by future versions of PHP and continued feature, quality, and security updates.

If you would like to upgrade to PHP 8 now, also read this: PHP 8 Compatibility Check and Performance Tips.

 

Disable expose_php

When enabled, the expose_php parameter communicates to the world that PHP is used on the server. This php.ini setting also exposes which PHP version is installed as reported by the HTTP headers (for e.g., X-Powered-By: PHP/8.0.12). For best security, it is recommended that you disable this php.ini parameter.

 

Conclusion

Back in 2017, I wrote a similar article. Back then, the majority of PHP-based websites ran an aging PHP version, PHP 5. However, PHP’s extended support had around two years left.

Currently, this is not the case for PHP 7.4; and unless PHP developers announce an extension for their support for PHP 7, there’s sure to be a large chunk of unsupported PHP versions powering the web.

With the recent acceleration of cyberattacks, ransomware, and greater requirements for improved application security and observability, we should all make plans to upgrade to PHP 8 now!

Tags: , , ,