Update: As of Shield v10, we’ve moved to dropping support for all PHP 5 versions. To run the latest security features on your site, you’ll need to upgrade to PHP 7.0+.
Earlier this year we announced that we were dropping support for PHP 5.2 for all new features added to Shield Security.
This change actually didn’t pose a problem for anyone running older versions of PHP as all pre-existing features were still supported. But it made our work in development and support far easier and faster.
But, we’ve now realised that the current situation is untenable. In our latest Shield release, we accidentally allowed newer PHP code to be accessible on installations running PHP 5.2.
This crashed some of the few sites that were still running the much older PHP.
The time taken to test and vet code for these older versions of PHP is disproportionately large, compared to the number of sites that actually operate on them.
Supporting older, dangerously outdated platforms is placing a huge burden on us in development and testing, for little or no payoff or benefit for the overwhelming majority of our clients and customers.
We’ve decided that the the hurdles that we must overcome are too costly.
Starting from version 7.0, Shield Security (due early November) will drop support entirely PHP versions less than 5.4.0.
At the time of writing, less than 9% of WordPress sites are running PHP less than v5.4.
When we decided to drop support for PHP 5.2 for new features around this time last year, the number was over 11%. So we’re moving in the right direction, if a little slowly.
From this chart, only 18% of WordPress websites are running an actively supported version of PHP (i.e. v7.1+)
What Are Your Options?
By now, all major web hosting companies are supporting PHP as far up as v7.2. We’re not recommending you go that far immediately, but chances are high you could switch your PHP to at least 5.4.0 without any issues.
The best place to start is your web host. Contact their support and find out what your options are. We’ve seen hosts provide a PHP Selector through cPanel that lets you easily switch your PHP version.
We recommend you switch up your PHP versions in stages. That is, move it up a version and test your site. If all seems to be working, leave it for a week and monitor it closely. Then, if you’re happy with it, adjust the version upwards once again and repeat the process until you can go as high as you can without having any errors.
In this way you’ve gradually upgraded your PHP installation in a safe, incremental way, without having to call on the expertise of a developer.
For more on this, have a look at our Ask Paulie Anything episode here.
What If You Can’t Upgrade?
If you find can’t upgrade to at least PHP 5.4, then chances are high that your site is really very old, or is hosted on outdated web hosting.
All we can suggest here is that you may need to invest the time (and money) to bring your site up to modern hosting standards. This is a great investment in both your site speed and your site security.
If your web host is holding you back, don’t feel that you’re bound to them for life. Perhaps it’s time to explore other hosting options – many hosts will even migrate you for free as part of their package.
If you think about it, how often do you upgrade your phone, your PC, or your tablet? Quite often for most of us. Why should website hosting be any different? If you’re running on PHP 5.2, your site is running on software that was built before the very 1st iPhone was ever released.
Questions or Comments?
We know that for a small minority of you, this is likely to cause frustration. But we can only hope you understand our position.
There is no good reason to stick to old software for our websites, and so many more reasons to start developing our software for a modern platform of performance and security.
If you have any questions or comments, please let us know.
After having one instance of a brutal hacking attack on my website, I have chosen ‘Shield WordPress Security’ and have so far found it excellent.
Absolutely Simple, Intuitive & Complete.
This is not a paid review. You can simply install it then remove it if you disagree, however, this is one of the most useful, unrestricted and intuitive defense WordPress plugins I’ve used. Everything is clearly defined, the support is quick and most important of all, their documentation is on…
Finally a Security Plugin that doesn’t bloat and works!
After trialling all sorts of security plugins I got fed up of all the extra bloat and bulk that was added to the database, Shield does a very good job of working silently in the background without annoying notifications and emails.
Must Have, Easy to Implement, Good Security
I am impressed with the ease at which I could configure the security of my wordpress site with this tool. I especially liked the 2-factor Auth support, specifically the support for hardware tokens (yubikey) was what set this plugin apart for me. I am new to wordpress, but not to…