
Around 62% of all Internet sites will run an unsupported PHP version in 10 weeks - danso
https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/
======
27182818284
We converted several old PHP-5.x apps to be 7.x-ready about a year or more
ago. The apps had various authors and various levels of maintenance over the
years. (By and large they were internally used apps at a large institution
which is why one app could be very different from another app.)

If you have been dreading a transition, don't sweat it. From our experience,
it was easier than a developer might think when they first open that old PHP
codebase. Oh, and the speed increases the benchmarks promised are real. Even
the bad apps saw a noticeable speed increase.

~~~
jrumbut
I will second that it isn't very painful at all. Longevity is one of the
strengths of PHP, it is not hard to find continuously operational PHP
codebases that are 15 or more years old.

Those codebases are often hideous but they've been getting stuff done, and
that's admirable.

Generally when updating a codebase like that, it's important to also make sure
that passwords are being stored securely, SQL queries are using prepared
statements, and XSS/CSRF protections are in place, and a protocol is set up
for keeping up with new PHP versions. Then hopefully it will be ready to go
back to minimum maintenance mode for some more years.

------
JeanMarcS
I completely recognize myself in this post, when it stated that hosters will
provide clients the last version for new hosting and change version when
asked.

But if you think that explaining clients that there are new versions and they
should upgrade works, think again !

I still got 6 or 7 websites I’m hosting with PHP5.2 ! And I know they won’t
work as it if I migrate them on 7.x.

For the last 2 years I’m pushing them to update the code. But they won’t, as
it’s websites done by agencies that don’t exists anymore, and it has suits
them for years so why change ?

So what do I do ? I can’t shut them (as they sure won’t like it and might send
their lawyers after me). I can’t refuse to host them (as they are already
clients and, in France, it’s difficult by law to refuse to sell to someone).

Of course my hosting contracts should have been better 18 years ago and it’s
mostly the fault of the young me.

But here I am. My best solution would be to make the changes by myself under
their validation. And no one will pay me for that.

~~~
sawmurai
You can increase the price for old php versions due to the increased risk of
security issues and be transparent about it. Once you become too expensive
they will either update or move away.

~~~
JeanMarcS
That’s a great idea, thanks !

------
GlitchMr
This is misleading. PHP 5 may have its support by PHP developers end, but it
will still be supported by distributions like RHEL, CentOS, Debian 8, and
Ubuntu 14.04 where the support doesn't depend on PHP developers.

~~~
jkaplowitz
Debian no longer supports Debian 8, although the commercially funded Debian
LTS project run by the consultancy Freexian provides a lower level of best-
effort support into 2020.

And Ubuntu 14.04 won't be supported past next April, which while more than
double the 10 weeks discussed in this article isn't all that far into the
future.

Beyond those two details, you're right.

The broader point remains that support for older PHP will degrade rapidly from
this point forward, even if a bit of it lingers on for a handful of years.

------
ccnafr
Agree with the WordFence guy. It's more likely that attackers will target PHP
apps rather than PHP itself. Probably not a big deal, but I also see the point
of the Paragonie guy. Once PHP 5.x is EOL, there will be real incentive to go
after PHP flaws, rather than PHP app flaws.

That market share, though... 62%, wow!

~~~
jarfil
The remaining 38% already run on PHP 7.x?

~~~
Ayesh
Most likely, yes. Hhvm (Facebook) is practically a dead/different language for
the rest of us.

There is not much friction between 7.0,7.1,7.2, etc, so hopefully at least
this 7.x share will continue to keep upgrading.

------
ashelmire
I am _extremely_ skeptical of the source this article cites, which claims that
79% of the top 10 million sites use PHP. See
[https://w3techs.com/technologies/overview/programming_langua...](https://w3techs.com/technologies/overview/programming_language/all).

This is completely out of line with my experience, job listings, and all other
sources I can find. See
[https://en.wikipedia.org/wiki/Programming_languages_used_in_...](https://en.wikipedia.org/wiki/Programming_languages_used_in_most_popular_websites)
and [https://www.codingdojo.com/blog/7-most-in-demand-
programming...](https://www.codingdojo.com/blog/7-most-in-demand-programming-
languages-of-2018/) and [https://www.tiobe.com/tiobe-
index/](https://www.tiobe.com/tiobe-index/)

~~~
foepys
I believe it. Aren't like 30% of all websites WordPress blogs? Considering
people who use WordPress want a one-click solution, they certainly don't care
about their PHP version. The other 49% might contain some Joomla and Drupal
installations and phpBB (or similar). All those software is known to be easy
to install, so most people choose it for their private content.

We are not talking about IT people but John/Jane Smith running their hobby
site about fishing or their community to exchange ideas about old cars. They
might not even have users but they are still websites.

~~~
dogma1138
It’s not just hobby/personal sites, Magento has about 30% of the e-commerce
platform market share, Shopify for comparison has 7%.

If you take Magento and WooCommerce (the most popular e-commerce WP plug-in)
you have about 50% of the e-commerce market share (by installs/shops not
revenue cuz well eBay and Amazon got that handled).

A lot of companies even fairly large enterprises use Drupal, Joomla and ofc
Wordpress.

------
bashtoni
This isn't true at all. The vast majority of these PHP 5.x installs are from
vendor provided security supported Linux distributions - including those
without cost such as CentOS, Debian and Ubuntu.

~~~
xref
an important factor since PHP 5.4 is still the default install on the latest
releases of both RHEL and CentOS

------
esher
I found that there are different numbers on the spread of old PHP around,
depending on who you are asking, WordPress and Composer are also having usage
stats. The numbers from w3tech are maybe not that accurate, as they are
probably generated by sniffing the X-Powered-By header.

PLUG: We have blogged about PHP deadlines as well:
[https://blog.fortrabbit.com/on-php-deadlines](https://blog.fortrabbit.com/on-
php-deadlines)

------
Ayesh
There are many sites that run on PHP 5.2-5.5, which are EOL from PHP.net
already.

If shameless self-plug is allowed, take a look at my presentation at DrupalCon
Vienna: "PHP7+: The why's and the how's":
[https://events.drupal.org/vienna2017/sessions/php-7-whys-
and...](https://events.drupal.org/vienna2017/sessions/php-7-whys-and-hows)

