[2022-11-1] Update: As of Shield v17 we’re dropping support for PHP 7.0 and 7.1. In order to run Shield v17, your web hosting will need to run at least PHP 7.2+
[2020-4-20] Update: As of Shield v10, we’ve moved to dropping support for all PHP 5 versions. To run the latest security features on your site, you’ll need to upgrade to PHP 7.0+.
Earlier this year we announced that we were dropping support for PHP 5.2 for all new features added to Shield Security.
This change actually didn’t pose a problem for anyone running older versions of PHP as all pre-existing features were still supported. But it made our work in development and support far easier and faster.
But, we’ve now realised that the current situation is untenable. In our latest Shield release, we accidentally allowed newer PHP code to be accessible on installations running PHP 5.2.
This crashed some of the few sites that were still running the much older PHP.
The time taken to test and vet code for these older versions of PHP is disproportionately large, compared to the number of sites that actually operate on them.
Supporting older, dangerously outdated platforms is placing a huge burden on us in development and testing, for little or no payoff or benefit for the overwhelming majority of our clients and customers.
We’ve decided that the the hurdles that we must overcome are too costly.
Starting from version 7.0, Shield Security (due early November) will drop support entirely PHP versions less than 5.4.0.
At the time of writing, less than 9% of WordPress sites are running PHP less than v5.4.
When we decided to drop support for PHP 5.2 for new features around this time last year, the number was over 11%. So we’re moving in the right direction, if a little slowly.
From this chart, only 18% of WordPress websites are running an actively supported version of PHP (i.e. v7.1+)
What Are Your Options?
By now, all major web hosting companies are supporting PHP as far up as v7.2. We’re not recommending you go that far immediately, but chances are high you could switch your PHP to at least 5.4.0 without any issues.
The best place to start is your web host. Contact their support and find out what your options are. We’ve seen hosts provide a PHP Selector through cPanel that lets you easily switch your PHP version.
We recommend you switch up your PHP versions in stages. That is, move it up a version and test your site. If all seems to be working, leave it for a week and monitor it closely. Then, if you’re happy with it, adjust the version upwards once again and repeat the process until you can go as high as you can without having any errors.
In this way you’ve gradually upgraded your PHP installation in a safe, incremental way, without having to call on the expertise of a developer.
For more on this, have a look at our Ask Paulie Anything episode here.
What If You Can’t Upgrade?
If you find can’t upgrade to at least PHP 5.4, then chances are high that your site is really very old, or is hosted on outdated web hosting.
All we can suggest here is that you may need to invest the time (and money) to bring your site up to modern hosting standards. This is a great investment in both your site speed and your site security.
If your web host is holding you back, don’t feel that you’re bound to them for life. Perhaps it’s time to explore other hosting options – many hosts will even migrate you for free as part of their package.
If you think about it, how often do you upgrade your phone, your PC, or your tablet? Quite often for most of us. Why should website hosting be any different? If you’re running on PHP 5.2, your site is running on software that was built before the very 1st iPhone was ever released.
Questions or Comments?
We know that for a small minority of you, this is likely to cause frustration. But we can only hope you understand our position.
There is no good reason to stick to old software for our websites, and so many more reasons to start developing our software for a modern platform of performance and security.
If you have any questions or comments, please let us know.
Easy To Set Up
It was really easy to set up. They have a dashboard interface that you need to click on – to turn each variable ON or OFF. You get to choose whether you want to have Login Protection, to lock down comments (one of the main ways that we get spammed),…
Great Product. Never had any problems
I use both the paid and free product and have found both easy to use and comprehensive. I have used other security products but after testing I prefer Shield. I have the paid version on a multisite set up and it works seamlessly. The flexibility it offers is great, with…
Overall great plugin
Many great features and support is quick and helpful.