Support » Fixing WordPress » Seeking alternative to server-level PHP update

  • lauralius

    (@lauralius)


    The administrators for the website I’m trying to develop insist on keeping PHP version 5.3.3, which is interfering with my ability to download some plugins that could prove quite helpful for my project. Does anyone know of ways to work around this (besides bothering my server administrators more and trying to get a different server)?

    While I do not have my heart set on any specific plugin, I’m trying to get a two-way database interface set up, so PHP sounds pretty fundamental to most solutions that allow the sort of complexity I need.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    PHP is a server-level system, it must be updated on the server.

    I recommend pointing your server administrators to https://wordpress.org/about/requirements/ which states that we recommend PHP 7.3, and https://wordpress.org/about/stats/ which shows that most folks are on PHP 5.6 or higher.

    Additionally, WordPress’s minimum PHP version may be bumped to 5.6 soon, and 7 not long after: https://make.wordpress.org/core/2018/12/08/updating-the-minimum-php-version/

    Finally, PHP 5.3 stopped receiving security fixes _years_ ago: http://php.net/supported-versions.php

    The _oldest_ version of PHP still receiving security fixes today is 7.1.

    JNashHawkins

    (@jnashhawkins)

    Part of being a good engineer is being creative when the problem isn’t exactly nuts and bolts.

    You could build it on another server (maybe a local server) with the latest greatest PHP then show it to the decision makers. Get them to like it and then explain how what they like won’t run on what their admins insist is the top level PHP they will allow or support.

    Let them decide after having your arguments well in order.

    Or you could even say, ‘Presentation Canceled due to a possible hack vulnerability taking down the brand new site’. Doesn’t matter that the problem is, in reality, an incompatible plugin because everything worked fine on the staging server and you can show them it does. That plugin on the old PHP is most likely vulnerable in several ways.

    A nice little vulnerability notice or print out from a Health Check warning might help you convince them.

    Sometimes a little creative ‘whoops’ can show the potential future and leave those relics and legacy systems back in the past where they belong.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    This is simple.

    PHP 5.3.3 was released 9 years ago, and has had 26 mostly security related releases to it since then.

    If you’re still using it, you probably have already been hacked. You are using known insecure software.

    WordPress 5.2 will not run on your system. This is known. Planned for. Upgrade, or get left behind.

    Present these simple and obvious facts, and remind them that PHP and WordPress are both free, so there no reason not to do the dang thing.

    If it helps, PHP 7 is also 3 to 4 times faster than everything before it.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Seeking alternative to server-level PHP update’ is closed to new replies.