PHP is the programming language that your website uses to generate the pages you see in your browser. It's used by billions of websites and is the most popular language used on the web.
The aim of using PHP is to allow things to be dynamic, that is, to vary the output based on different factors such as currency, location, or the logged-in user. This makes sites very powerful, but it also means we need to be mindful of exactly what the code is doing: it should not do too much and take too long to generate a page, or, even worse, be able to perform actions we don't intend, which malicious scripts can use to leak data.
Why keep PHP up to date
You should always keep PHP up to date, because each version receives security fixes only for a defined period of time. You can see the versions of PHP that are currently supported here: http://php.net/supported-versions.php
Being on a recent version gives us the ability to take advantage of modern features, which often means spending less time coding, which can reduce development costs and also make maintenance easier.
Speed is especially relevant on versions newer than 7.0 as a lot of work was put into PHP 7 to make it run the same code much faster. This isn't one of those generic "performance improvement" changes - we always see a noticeable improvement in websites' load times. So if you're on a PHP version such as 5.6, this will be a great way to improve the speed of your website.
PHP Security patch (2019/09)
Critical security vulnerabilities were discovered in the PHP 7 branch that allowed an attacker to execute code on vulnerable platforms. See the technical announcement for a more in-depth description of the issue.
It is strongly advised that PHP is updated to include the patch. PHP versions that include the security patch:
- 7.1 patched to 7.1.32
- 7.2 patched to 7.2.22
- 7.3 patched to 7.3.9
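To check a host against the list above, the following added example (not part of the original page) classifies a PHP version string by branch. The function name `php_patch_status` and its status labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: php_patch_status is a hypothetical helper, not part of PHP.
# Patched minimums come from the list above: 7.1.32, 7.2.22, 7.3.9.
# Prints: patched | unpatched | check-vendor | unlisted | invalid

php_patch_status() {
    raw=$1
    # Drop packager suffixes such as "-0ubuntu0.18.04.2" or "+deb10u1".
    ver=${raw%%[-+~]*}
    case $ver in
        ''|*[!0-9.]*) echo invalid; return 0 ;;
    esac
    # Split "major.minor.patch" into $1 $2 $3.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    if [ $# -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo invalid; return 0
    fi
    case $1.$2 in
        7.1) min=32 ;;
        7.2) min=22 ;;
        7.3) min=9 ;;
        *) echo unlisted; return 0 ;;   # branch not in the list above
    esac
    if [ "$3" -ge "$min" ]; then
        echo patched
    elif [ "$raw" != "$ver" ]; then
        # Assumption: a packaged build may carry a backported fix under an
        # older upstream number, so confirm against the vendor's advisory.
        echo check-vendor
    else
        echo unpatched
    fi
}

# Report on the local CLI binary when one is installed.
if command -v php >/dev/null 2>&1; then
    v=$(php -r 'echo PHP_VERSION;')
    echo "PHP $v: $(php_patch_status "$v")"
fi
```

The CLI binary can be a different version from the one the web server runs (PHP-FPM or mod_php), so check the version the site itself reports as well.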
If managed hosting is used with a support service, it should be possible for the technical support service to apply the patch. However, it is strongly encouraged that the updated version is tested in a staging environment before the update is applied to the production environment.