PHP 7.4 is now considered an Unsupported Branch, it was end of life on November 28th, 2022.
What does this mean?
This means that if you are running PHP 7.4, your site will no longer receive security updates, bug fixes, or improvements from the PHP development team. This can leave your site vulnerable to security risks, in addition to being much harder to maintain or improve in the future.
Security Concerns
PHP 7.4 will no longer be receiving security patches and updates, which could introduce a lot of risk for any live site by leaving your website or application open to hacking or other malicious attacks against vulnerabilities that a supported version of PHP has been patched to fix. Rather than scramble to perform a potentially complex workaround, or to rush an update to a supported version of PHP, we recommend you keep up to date to mitigate this risk.
Additional Development Effort
The development effort required to maintain a site running on an outdated version of PHP will continue to increase (AKA- it will cost more). Development teams may be required to build or refactor patches and apply them as band-aid fixes to keep the site running. Tools used as part of a smooth running DevOps workflow may stop working or require manual intervention from the team.
Keeping the site up to date may become difficult or impossible as external libraries or dependencies start dropping support for older versions of PHP, new features may become harder to implement as a result, meaning that your site could become less competitive too.
Performance, Stability, and Improvements
PHP 8 offers performance improvements over PHP 7.4 which may alone be worth the upgrade effort. In addition, the overall stability of a PHP 7.4 stack will decrease over time as the libraries and platforms we rely on continue to advance or require updates which can no longer be easily applied due to the continued use of an outdated version of PHP.
Does this affect me?
How do I know if I am running PHP 7.4?
There are several ways to check the version of PHP currently being used for your site. WordPress and Drupal make it easy to view the PHP version, the command line can also be used, or you can check with your hosting provider.
WordPress
WordPress has a Site Health page which can be found under “Tools” -> “Site Health” -> “Info”. Expanding the “Server” section will reveal the PHP version currently running on your server. Anything less than PHP 8.0 should be updated.
Drupal
Drupal provides a “Status Report” page, found under “Admin” -> “Reports” -> “Status Report”, which can be used to confirm the PHP version in use. Anything less than PHP 8.0 should be updated.
Command Line
If you have access to your server using the CLI, the php -v command can often be used to confirm the version of PHP currently being used.
I’m running an old version of PHP! What’s next?
Updating to PHP 8.0+ is our recommended solution, remaining on PHP 7.4 is a risk and the effort involved with delaying the upgrade to a newer version of PHP will only increase over time.
The complexity involved in migrating from PHP 7.4 to PHP 8.x will vary based on several factors, including whether your codebase has been kept up to date. If your Drupal modules or WordPress plugins are not up-to-date, this would be a good place to start before attempting a PHP update.
There are tools to help with identifying compatibility issues, for example the PHP Compatibility Coding Standard sniffs for PHP CodeSniffer. There are also tools to help with PHP migration by suggesting code improvements, such as Rector.
However complex your codebase, make sure to take the time to thoroughly test your site in a development environment before going live with your PHP migration. We hope you find the effort involved was not as difficult as it initially appeared to be!
