This article was inspired by the shocking
results of W3Tech's
survey report. According to this report, 77.7% of websites use PHP, so the good
news is that PHP is still a very popular language for website backend code.
When we look at the php version used by
websites, the statistics are shocking, with approximately 90% of sites using
outdated php versions. Any programming language is not vulnerable by default if
it receives frequent updates; otherwise, it is vulnerable.
The PHP version and support cycle as of Jan. 31, 2023 are shown in the table below from php.net. 8.0, 8.1, and
8.2 are supported versions.
What will you miss if you do not update?
- Security update: If you are not using a supported version, you will not receive
security updates for known vulnerabilities; therefore, it is critical to
keep your application up-to-date in order to secure it. Known
vulnerabilities are available in the CVE
details. The OWASPTop
10 Vulnerable and Outdated Components this article covers the
importance of software updates.
- Performance: Look at the PHP version performance benchmarks to see what you are
missing by not updating.
- New features Look at php.net
site to see what new feature is missing because of the lack of updating.
