PHP 7.4 reached end of life in November 2022. That’s over three and a half years without a single security patch from the PHP development team. For a long time, running PHP 7.4 was an acceptable risk. It no longer is.
In Shield Security’s next major release, PHP 8.2 will be the minimum supported version. If your site is still running PHP 7.4, 8.0, or 8.1, you’ll need to upgrade before you can continue receiving Shield updates. Read on for the full picture.
#1 PHP 7.4 – Three and a Half Years Without a Security Patch
PHP 7.4 was released in November 2019. Security support ended in November 2022. Every vulnerability discovered since that date has stayed there, unpatched. The PHP development team are not coming back to it.
The bigger issue with running an end-of-life PHP version is what it means for the libraries your plugins depend on.
When a library drops support for PHP 7.4, you stop receiving its security fixes. A vulnerability gets discovered, a patch gets written, and it ships for PHP 8.x. PHP 7.4 users don’t get it.
This has always been an issue, but the pace is accelerating. AI tools are finding security issues faster than ever, and those fixes only reach supported PHP versions. If you’re on PHP 7.4, you’re cut off from them, and so is every plugin on your site.
#2 Twig and the Risk of Building on Unsupported PHP
The package that’s brought this into focus for us is Twig, the templating library we use within Shield. Twig no longer officially supports PHP 7.4, which means any vulnerabilities found in it going forward will be patched for PHP 8.x but not for 7.4.
To be clear: our use of Twig in Shield is not currently susceptible to any known vulnerabilities.
But that can change. When a Twig vulnerability is found and patched for PHP 8.x only, there’s no way to get that fix to you if you’re still on PHP 7.4. We’re not willing to ship a security plugin built on software that can’t receive security updates.
Twig is the most immediate example, but it won’t be the last.
#3 PHP 8.x is Faster, Too
Security isn’t the only reason to upgrade. PHP 8.x is measurably faster than PHP 7.4 for WordPress. Kinsta’s benchmarks measured WordPress at 139 requests per second on PHP 7.4 and 148 on PHP 8.4, a 6.6% improvement. For WooCommerce, the gain is more significant: PHP 8.2 handled around 23% more requests per second than PHP 7.4 in the same tests.
For a low-traffic blog, that difference won’t be noticeable. For any site handling real traffic or running WooCommerce, it is. Kinsta’s full benchmark article covers 13 platforms if you want the detail.
#4 What You Need to Do Before Our Next Major Release
The minimum requirement will be PHP 8.2. If your site is currently running PHP 7.4, 8.0, or 8.1, you’ll need to upgrade before our next major release to continue receiving Shield updates. For full details, see our system requirements article.
We’d encourage you to go further than the minimum. PHP 8.2 security support closes in December 2026, which doesn’t leave much runway. PHP 8.3 is the version we’d recommend: security patches run through November 2027 and it’s well supported by most hosts. PHP 8.4, released in late 2024, is also a solid choice.
For most members, the upgrade is quick. Your hosting control panel will show you which version you’re on, and most hosts let you switch with a few clicks. If you’re on managed hosting, you may already be running a newer version.
Before you make the switch, back up your site and verify that your themes and plugins are compatible with PHP 8.x. If you can test on a staging environment first, that’s always the safest approach. Our guide to updating PHP in WordPress covers the full preparation process in detail.
If your setup requires more planning, this is your heads-up. We’d encourage all our members to get this sorted before the next major release arrives.
Comments and Suggestions
For the full list of changes, we suggest you review the changelog for the plugin after the plugin has been released.
As always, we welcome any feedback you may have. Please leave any comments below and we’ll get right back to you!
