PHP Security Upgrade Deadline Is Near: Is Your Site Ready?

All PHP versions prior to 7.2 will stop receiving security updates on January 1, 2019

It may be hard to believe that 2018 is coming to an end and, possibly, even more difficult to think that 2019 is only a few short weeks away. With the rush of the holidays and January project planning in full swing this month, we want to make sure that one very important update makes it to the top of your list.

All PHP versions prior to 7.2 will stop receiving security updates on January 1, 2019. So, the time is now to see if your website is running PHP, and if so, what version is currently in place.


What is PHP and how does it affect my site?

PHP is an open-source server language that helps power millions of websites across the world. One of the most well-known content-management-systems (CMS) that uses PHP is WordPress. Simply put, PHP is some of the code that helps make your website function and look the way that it does.

This update is not something that will only be affecting WordPress sites. Since almost every modern CMS like Drupal, Cascade and Sitefinity make use of PHP code, all of them are potentially at risk. Unfortunately, with all of these, the solution isn’t just as simple as an upgrade to the code, although we’ll come back to why that may not be needed in a bit. The biggest issue faced by WordPress and all of the other CMS out there is compatibility, particularly with older versions of the CMS. Most of these are not able to render PHP 7.2 correctly causing plugins, widgets, other add-ons and, potentially, the CMS itself not to work correctly. This may mean broken elements on the site or, in the worst case, a non-functional site. For example, the current version of Drupal is 8.0. Anything older than this has known PHP 7.2 compatibility issues, so upgrading the code could cause site failure.


What is happening with PHP in December?

Effective December 31, 2018, the older versions of PHP will no longer receive security updates. That means that the server loading your website could potentially be at risk for security vulnerabilities that could lead to unwanted access of your website files, data loss, or malware.

Most hosting companies have notified their customers that an upgrade to PHP 7.2 is required and have offered assistance to implement the change. If your website is not hosted internally by your IT department, we strongly encourage you to reach out to your hosting provider or web development team to ensure that your website is being tested and upgraded to 7.2 this month.


What versions of PHP will be impacted?

All PHP versions prior to 7.2 are impacted by this change. Most WordPress websites are currently running PHP 5.6 unless they were recently launched or upgraded to another version of PHP. No matter what version your site is currently running, it needs to be upgraded to 7.2.


How do I check what version of PHP my WordPress site is running?

There is a WordPress plugin called PHP Compatibility Checker that was built by WP Engine. This plugin allows you to test if your website theme and plugins are compatible with PHP 7.2.


WP Engine PHP 7.2 Test Drive

Honestly, WP Engine was on the slow side of letting their customers know about the required PHP upgrade, but we have to hand it to them for offering users a PHP 7.2 Test Drive. When you login to your WP Engine account and click on your site you will now see a PHP Test Driver message.

Once you click on the preview site button, you will now be viewing your website just as it will be seen with PHP 7.2. You have the ability to login to view and test all elements of your website to ensure that everything is working properly. Consider this an early Christmas present because it’s a lot better than the compatibility checker, letting you see any issues you may have to make adjustments on the spot.


What happens to my site if I don’t upgrade by December?

In most cases your website will be upgraded automatically for you. Most hosts such as WP Engine are requiring their customers to make changes in the month of December. If changes are not made, then your website will be upgraded to PHP 7.2 automatically.

If your site is hosted internally or with a third party that doesn’t do automatic updates, there are two possibilities for you. The first is that your code doesn’t get upgraded and you are left with a potential security issue. This is not a great option, and we highly recommend contacting your hosting company to discuss options or to talk to your IT department. The second possibility is that you are making use of a service like Red Hat, which is what Thruline uses on its servers. Services like this do what is called “backpatching” which is to take security updates for new versions of PHP, rework them to work with older versions and then deploy the update out to their clients. This allows you to run an older version of PHP without any security concerns. There are advantages to upgrading PHP, like improved performance, but with a system like this in place, the timeline for upgrading is greatly extended. Again, it is advisable to check with your hosting company or IT department to see if a service like this is in use.


How do I upgrade my WordPress site to PHP 7.2?

The process of upgrading is actually just a few clicks or a support ticket with your host. However we cannot stress enough that you need to run through the process listed above to ensure your site is compatible with PHP 7.2 before you upgrade.



The change that is taking place with PHP code is not something to brush off due to the site security issues that could potentially occur. At the same time, it’s not a moment to panic, either. If you are unsure of what will be happening to your site, reach out to your hosting company or IT department to find out how your institution will be handling the situation. Any sites that are hosted with Thruline, which would be most of our digital media sites, are not at risk. But if any assistance is needed on this topic with sites hosted outside of Thruline, the inbound marketing team here is available to lend a hand.


Allen Harkleroad, Manager of Inbound Marketing & John Weaver, Senior Inbound Marketing Strategist