The end of PHP 5.3

PHP 5.3 is dead.

In some ways it’s sad when a version of PHP dies. But in other ways, it’s great. I mean, more time can go into making it a better language instead of backporting security fixes to old versions. Really, the only thing that makes it sad is that so many people will be using these dead and insecure versions for years to come.

The other day I wrote a post about how WordPress supports PHP back to 5.2. In fact, until recently most WordPress sites were running on 5.2. Now, it’s an even split between that and 5.3:

WordPress PHP versions pie chart

Only 21.8% of sites are now running on a living version of PHP.

I think that it is interesting to compare these stats to the number of sites running WordPress versions that receive security updates:

WordPress versions pie chart

39% of sites are running a living version of WordPress.

Why is there such a discrepancy here? Obviously, WordPress is web software, whereas PHP is a programming language, but is there another reason that more WordPress sites are up to date? I doubt that users are more conscientious about updating than web hosts are.

It’s not only that more WordPress sites are up to date, but more of them are running the latest version, 3.9. Whereas PHP 5.5 has a much smaller slice than 5.4.

I think the reason for this difference is probably that WordPress is easier to update than PHP. Not just that there is a difference in technical skill required, but that updating PHP is more likely to break things than updating WordPress. WordPress always aims for complete backward compatibility, but there are sometimes changes in PHP that can definitely break things. It could be that the difference here is the obvious: the less painful it is to update, the more people will do it.

Leave a Reply

Your email address will not be published. Required fields are marked *