Everything you use on a WordPress site (themes, plugins, etc) and WordPress itself is built in a programming language called PHP. PHP is a widely used open source language that many types of software and websites are built with. In fact, tens of millions of websites are built in PHP including Facebook, Wikipedia, and Yahoo.
Like most software, PHP is a continuously evolving platform and is regularly receiving updates. Unlike most software, the updates to PHP usually require your hosting provider to update their PHP. However, many do not which leaves millions of sites using versions that are not secure.
Versions of PHP
WordPress supports PHP versions 5.2 (soon to be 5.6) through 7.3. However, as shown in the image below from php.net, only the last 3 minor versions still receive security support with 7.1 ending their support soon. Version 5.2 stopped receiving support over 7 years ago but many hosting providers still use it.
Why Does The Version Matter?
In terms of web development and hacking techniques, 7 years is a long time. Almost every version of PHP includes security and bug fixes. While the chart above shows timelines for the minor versions, there are actually dozens of smaller versions released during these cycles. For example, PHP 7.2.7 has been recently released.
At a bare minimum, if you want your site to be secure, then you need to be running at least PHP version 7.1.
In addition to security updates, these updates also include new features and performance improvements. Tests shown on Phoronix showed that PHP 7.2 was over 400% faster than PHP 5.3. In other words, you could reduce your site load time by almost 75% just by upgrading your PHP version.You could reduce your site load time up to 75% just by upgrading the version of PHP your site uses! Click To Tweet
How to Find Your PHP Version
Depending on your hosting provider, there are a few different ways that you can find the version of PHP that your site is using. There are several WordPress plugins that can be installed which tells you the PHP version. Naturally, our recommended plugin is our own plugin.
However, you can search “PHP” in the “Add New” page of your “Plugins” menu in your WordPress to find several others.
If you are on a hosting provider that offers a dashboard, such as cPanel, the dashboard will usually list the version of PHP in the server stats. Additionally, you can also email or chat with your hosting provider to ask them.
What To Do If Your PHP Version Is Not Supported
If you discover that your site is using PHP 5.6 or earlier, than you will want to update as soon as possible. Some hosting providers have multiple versions available and allow you to select a different version from your account or dashboard page in your hosting provider account. If not, you will want to reach out to your hosting provider to ask about their timeline for upgrading to a secure version of PHP.
If they plan on updating in a reasonable timeframe, keep an eye on the situation to ensure they do so. If they do not have any timeframe for upgrading, it may be time to consider switching to a different hosting provider. You can learn what to look for in a hosting provider in our How to choose the right WordPress hosting provider article