Shield Security To Drop Support For PHP 5.2 (and 5.3)

The issue that WordPress stills maintains support for PHP 5.2 burns hotly in the minds of many developers.

It’s not a decision based on what’s best for the code, but on what’s best for reputation and maintaining the WordPress userbase.

What’s the big deal about all this PHP version stuff? Who really cares?

A lot of people care, including us. So let’s leave aside the fact that:

• PHP 5.2 was first released in 2006. That’s about a year before the 1st iPhone was released. Imagine your iPhone hadn’t moved along in development for over 10 years?
• PHP 5.2 is no longer maintained so any security vulnerabilities are left to rot.

We find that developing PHP in anything less that PHP 5.4 to be a pain in the proverbial. PHP v5.3 helps a lots, but PHP 5.4 brought a couple of great little features that we like to use. But in WordPress, we just can’t.

Using PHP features that aren’t compatible with 5.2 causes problems, such as:

• larger development time/costs
• more complex development
• serious bugs/fatal errors when developers accidentally use language components that aren’t recognised in PHP 5.2

PHP 5.2 development is like typing with one finger. You’ll get the job done, but it’ll be tedious, prone to mistakes, and will take much longer.

And we’ve had enough!

Starting with v6.0 of the Shield Security plugin, any new features/code will be compatible with PHP 5.4 and above.

We’ll keep existing features and their compatibility with PHP 5.2, but we’re not going out of our way any longer to support it.

Any new features, such our new Welcome Wizard UI and options Import/Export, will be restricted to installations running PHP 5.4 and above.

Who will impacted?

It turns out only a minority of users will be impacted by this. And by “impacted”, we mean they wont get the new features. Their sites will continue to work, and Shield will keep running.

You can find out roughly how many people will be impacted by this if you look at WordPress’ own statistics. As of today, roughly 13.4% of websites that run Shield will be impacted.

Thankfully many sites are already running PHP 5.6+. This inspires some hope at-least that webmasters are moving onward.

What can you do if your PHP is less than v5.4?

It’s simple.

Contact your webhost and ask that they switch up your PHP version to 5.4. You can go higher, but best to take baby steps here since if you go too high, something may break on your site.

With cPanel, assuming your host permits it, you can change your PHP version yourself, without contacting your hosting provider.

Isn’t this a little unfair – WordPress supports PHP 5.2?

If WordPress/Automattic want to continue supporting 5.2, then we salute them. It doesn’t mean it’s the right choice for everyone else, just the right one for them.

Also, if you’re really serious about the security of your websites, and that’s why you run Shield Security, shouldn’t the core engine that runs your website (PHP) also be secured?

Questions/Suggestions and Feedback?

We love feedback… so much so that we ask for it at the end of most of our blog posts 😉

If there’s something we haven’t considered here, we’d love to hear it. Or perhaps you like the idea that your Shield Security software is taking this step forward. Let us know below!