If you’ve logged into WordPress recently and seen a message like the one below, don’t ignore it.
This is the WordPress equivalent of the wear indicator on your tires — you could keep driving on them, but the smart move is to replace them before they cause an accident.
Your site could be faster and more secure with a newer PHP version.
Hey, we’ve noticed that you’re running an outdated version of PHP. PHP is the programming language that WordPress and Yoast SEO are built on. The version that is currently used for your site is no longer supported. Newer versions of PHP are both faster and more secure. In fact, your version of PHP no longer receives security updates, which is why we’re sending you to this notice.
Hosts have the ability to update your PHP version, but sometimes they don’t dare to do that because they’re afraid they’ll break your site.
The current recommended environment for WordPress is PHP 7+ and MySql 5.6+. If you’re seeing the message above, or don’t know which version of PHP or MySQL your site is running on… you should find out, and likely upgrade.
WordPress can run on PHP 5.2 and MySQL 5.0 … but that’s when you get the above notice popping up.
Is PHP 5.2 really that bad?
It was, at one point, the most secure and best-performing version of PHP around, but that was in 2006, and support stopped in 2011. A lot has changed since then, and 6-7 years in internet time is a very long time.
Unsupported means it’s no longer receiving security patches so it’s not something you should be using (unless you have a very good reason to do so and fully understand the implications of that choice).
PHP 7 also runs much faster using less memory, which means a faster experience for you (in the admin) and your visitors (page speed is a ranking factor!). Unless you have an incompatible theme or plugin, you should try to upgrade to PHP 7.x as soon as possible.
How to fix the underlying issue
You may be wondering why your web host hasn’t upgraded you already (I’m wondering that as well), but it’s not quite that simple:
- You may have a lackluster host (it happens, now is a good time to look for a new one).
- You may not have requested an upgrade (many hosts required you to opt-in, see below).
- Your host may desperately want you to upgrade, but you’ve been ignoring their email (or never received them).
The complicated part is this: if web hosts just bulk upgraded sites, they’d likely break things. PHP 5.3-5.6 and now 7.x was an incredible time of growth for the PHP language. Many of the rougher parts were cleaned up, but these fixes required not allowing some bad habits that were common in the past. Upgrading can break certain features (generally nothing in WordPress at this point, as long as it’s relatively up to date) so most hosts chose an opt-in approach to avoid horsed of angry customers storming their support channels.
Upgrading is a different process depending on your web host. It may mean logging into a control panel and choosing a newer version of PHP (often with no option to revert back) or contacting your host so they can migrate you to a more modern server as your server may not be configured with newer versions.
If you’re concerned about breakage, you have a few options:
- Use the PHP compatibility checker plugin to look for issues (this is not foolproof, but will generally catch the major issues)
- Move to a new WordPress host – this gives you the chance to test your site on the newer platform and fix any issues before you switch over
- Use a local development environment like Local or DesktopServer to pull a local copy and test the PHP upgrade, and fix any issues before you upgrade
- If your host supports it, the PHP version can sometimes be overridden in the .htaccess or a php.ini file for testing without committing to the switch.
- Talk to your host, they can point you to documentation or assist you (depending on their service level).
Sound too technical and scary?
Of course, we’d be happy to assist you with this upgrade. You may want to consider a WordPress solution checkup while you’re at it, as there may be other issues lurking under the hood, that don’t identify themselves like this one does.
Also while you’re at it, if you don’t have an SSL certificate for your WordPress site, you’ll want to get that taken care of soon as well.