[2022-11-1] Update: As of Shield v17 we’re dropping support for PHP 7.0 and 7.1. In order to run Shield v17, your web hosting will need to run at least PHP 7.2+
[2020-4-20] Update: As of Shield v10, we’ve moved to dropping support for all PHP 5 versions. To run the latest security features on your site, you’ll need to upgrade to PHP 7.0+.
Earlier this year we announced that we were dropping support for PHP 5.2 for all new features added to Shield Security.
This change actually didn’t pose a problem for anyone running older versions of PHP as all pre-existing features were still supported. But it made our work in development and support far easier and faster.
But, we’ve now realised that the current situation is untenable. In our latest Shield release, we accidentally allowed newer PHP code to be accessible on installations running PHP 5.2.
This crashed some of the few sites that were still running the much older PHP.
The time taken to test and vet code for these older versions of PHP is disproportionately large, compared to the number of sites that actually operate on them.
Supporting older, dangerously outdated platforms is placing a huge burden on us in development and testing, for little or no payoff or benefit for the overwhelming majority of our clients and customers.
We’ve decided that the the hurdles that we must overcome are too costly.
Starting from version 7.0, Shield Security (due early November) will drop support entirely PHP versions less than 5.4.0.
At the time of writing, less than 9% of WordPress sites are running PHP less than v5.4.
When we decided to drop support for PHP 5.2 for new features around this time last year, the number was over 11%. So we’re moving in the right direction, if a little slowly.
From this chart, only 18% of WordPress websites are running an actively supported version of PHP (i.e. v7.1+)
What Are Your Options?
By now, all major web hosting companies are supporting PHP as far up as v7.2. We’re not recommending you go that far immediately, but chances are high you could switch your PHP to at least 5.4.0 without any issues.
The best place to start is your web host. Contact their support and find out what your options are. We’ve seen hosts provide a PHP Selector through cPanel that lets you easily switch your PHP version.
We recommend you switch up your PHP versions in stages. That is, move it up a version and test your site. If all seems to be working, leave it for a week and monitor it closely. Then, if you’re happy with it, adjust the version upwards once again and repeat the process until you can go as high as you can without having any errors.
In this way you’ve gradually upgraded your PHP installation in a safe, incremental way, without having to call on the expertise of a developer.
For more on this, have a look at our Ask Paulie Anything episode here.
What If You Can’t Upgrade?
If you find can’t upgrade to at least PHP 5.4, then chances are high that your site is really very old, or is hosted on outdated web hosting.
All we can suggest here is that you may need to invest the time (and money) to bring your site up to modern hosting standards. This is a great investment in both your site speed and your site security.
If your web host is holding you back, don’t feel that you’re bound to them for life. Perhaps it’s time to explore other hosting options – many hosts will even migrate you for free as part of their package.
If you think about it, how often do you upgrade your phone, your PC, or your tablet? Quite often for most of us. Why should website hosting be any different? If you’re running on PHP 5.2, your site is running on software that was built before the very 1st iPhone was ever released.
Questions or Comments?
We know that for a small minority of you, this is likely to cause frustration. But we can only hope you understand our position.
There is no good reason to stick to old software for our websites, and so many more reasons to start developing our software for a modern platform of performance and security.
If you have any questions or comments, please let us know.
After having one instance of a brutal hacking attack on my website, I have chosen ‘Shield WordPress Security’ and have so far found it excellent.
Great and really simple security!
I must say this is one of the best security plugins I have ever used. In my own personal tests the plugin is rock solid and it doesn’t lock you out from your site or generate errors on updates. It also simplifies a lot the work I have to do…
This is the ONE, the only ONE. I try so many different security plugins and by far this is the best nothing comes close.
Hey there beautiful! Do you like what you've read here? :)
If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)
You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.