In: , , ,
On: 2014 / 01 / 22 Viewed: times
Shorter URL for this post:

There's a recurring debate about WordPress and whether they should keep code compatible with PHP 5.2 or drop it and bump the requirements to a newer PHP version. Hey, I have an opinion on this.

What's wrong with PHP 5.2?

Nothing much, except PHP 5.2 was released in November 2006, and was maintained and developed till January 2011. This means that it's now considered an old release, rusty dusty code that's no longer improved, and should a new vulnerability be discovered in the 5.2 branch, it will remain unfixed.

In short: it's *old*. Any PHP library you'll find these days requires 5.3+.

Old but still everywhere ?

According to W3Techs, 33% of websites running PHP are on 5.2. That's a lot, but wait, there's worse.

According to WordPress, more than 50% of WordPress-powered sites are still on 5.2. Earlier this week @dd32 made a pretty graph showing that PHP 5.2′s share is only slowly decreasing.

So what?

Dropping a platform running half of your user base would be crazy, right? For sure. Except I think the numbers are somewhat skewed.

As you may know, my pet project is a self-hosted URL shortener, YOURLS, which was released in its version 1.7 earlier this month. This new version comes with a phone-home feature to report the same kind of stats that WordPress is aggregating from its users, and particularly what PHP version YOURLS is installed on.

Of course, the YOURLS user base is nowhere near as important in volume as WordPress' market, but I think the average user is similar, so YOURLS figures should be relevant in some way.

What I've learned since the release of YOURLS 1.7 came as a surprise: I was expecting a similar share to what WordPress reports, but it turns out only 10% of YOURLS installs are running on PHP 5.2


What did I conclude from all this?

1. Old installs vs new installs

WordPress is old, it's been around for 10 years. The typical WordPress user installed WP 4 or 5 years ago, when 5.2 was still the standard.

YOURLS is much younger, it's been around for 4 years, but the project sort of picked up 3 years ago with YOURLS 1.5, released in November 2010. The typical YOURLS user installed YOURLS 1 year ago, when the default hosting setting on most host was PHP 5.3 or more.

I think that's the key of the skewed numbers : simply too many WordPress installs were around when PHP 5.2 was the default, and those users just did not upgrade their hosting. Well, why would they, it just works fine.

That would be exhibit A : newer users are on 5.3+, older are still on 5.2.

2. Deeper digging: who's running PHP 5.2?

Most host, if not all, still offer 5.2, even if you open an account today, but I could not find any which does not support 5.3+. All the major hosts (Dreamhost, Bluehost, Hostgator, etc…) have 5.3 by default.

And if there is a minor host where PHP 5.2 is the best you can have, then what's the point with signing with a smaller and lesser known company if they cannot provider better services than big ones?

Exhibit B: hosts can give you 5.3+

3. WordPress should lead

And that will be exhibit C: WordPress has the power.

WordPress runs on 20% of all websites in the world. That's huge. Moreover, it apparently has 60% of the CMS market, which is also very impressive.

Few organizations in the world have the power to say "we're moving to a newer version of PHP" and have a global impact ; WordPress is one of them.

With such an influence, WordPress should even go a step further and pro-actively announce end of support for PHP version and follow PHP's 3 year release process, instead of simply watching user adoption. PHP 5.3 will be maintained till July 2014, PHP 5.4 will be maintained till March 2015: I think WordPress should announce the same minimal requirement changes.


The day WordPress says "we require PHP 5.3″, the whole web which is still running 5.2 switches to 5.3. Simple as that.

Shorter URL

Want to share or tweet this post? Please use this short URL:


This entry "Why WordPress should drop PHP 5.2" was posted on 22/01/2014 at 6:04 pm and is tagged with , , ,
Watch this discussion : Comments RSS 2.0.

14 Blablas

  1. 1
    John Blackbourn United Kingdom »
    thought, on 22/Jan/14 at 6:20 pm # :

    I'm sorry Ozh, but you're completely wrong. The user always comes first.

    Why should users give a damn about what version of PHP they're on? Why should they know what PHP is? Why should they be told that they need to update this thing they don't even know anything about? How is this an acceptable thing to present to a user in order to benefit developers only?

    I have yet to hear one single valid argument why WordPress should place such a wholly unnecessary burden on the end user in favour of the developer.

    "It's old" isn't a valid argument. Performance increases are not enough of an argument. If your shitty shared hosting account still runs PHP 5.2, then your site isn't going to perform much better on 5.3, or 5.4, or 5.5.

  2. 2
    Ozh »
    replied, on 22/Jan/14 at 6:27 pm # :

    John Blackbourn » we're exactly on the same page: users should not care, and 90% don't. They just use what their hosts give. The problem is that host are not pro-active and their being immobile is why 5.2 is still so used. WP should motivate *hosts* to update their PHP.

  3. 3
    Nacin United States »
    commented, on 22/Jan/14 at 6:48 pm # :

    WordPress does work with hosts to get PHP updated. We keep a pretty close eye on defaults and offerings, and even see how much the numbers move when a big host makes a large shift. We casually survey them to see what their reasons are for updating.* The difference is we're not going to put users in the middle of all of this political melee.

    Further reading: On PHP (by me, 2010), On PHP (by Matt, 2007).

    And for as long as PHP upstream shows a lack of respect for shared hosting situations, dropping security support for PHP 5.2 while it was still powering a vast majority of websites, dropping security support for PHP 5.3 while it (and 5.2) are a vast majority of websites, it's really not in our best interest to "play along" at the expense of our users. Tens of millions of users would be affected — and potentially stranded, or certainly wondering why WordPress is putting them in the middle of all of this — all because reasons. It's completely silly. It's also the kind of move WordPress could make that a hosted or alternative blogging solution would love to see happen.

    When 5.3 support is dropped, a few possibilities may occur. One, the hosts will stay on the LTS builds that distros are/will offer. Or two, the hosts will update straight to 5.4. Given that a majority of all websites are running 5.2.17, the last release there, I have my guesses.

    We don't need PHP 5.3. Or 5.4. Or 5.5. Does it have nice features? Sure. They're nice. It's even more performant in many respects. and both run PHP 5.4. But we don't exactly use PHP for its features. Even back in the day, there were some features we only offered for PHP 5 installs, because it was too annoying in PHP 4 (XML, timezones, etc.). But that pull doesn't really exist anymore. Rather, we use it for its portability and ubiquity. WordPress works out of the box with basically anything. And for that, we're going to cater to the lowest common denominator because it's in the best interests of users.

    * They must have their reasons to avoid later versions, given they are more stable and more performant. One thing I've heard again and again is a desire to not break the non-WordPress stuff they're hosting, that doesn't work on later versions of PHP. All I know is it's not WordPress that's holding them back. The rise of WordPress-specific hosts — and WordPress-specific offerings by the big hosts — may be promising indications of a shift to tailoring hosting environments to WordPress.

  4. 4
    Mika E. (Ipstenu) United States »
    wrote, on 22/Jan/14 at 7:04 pm # :

    If everyone used WP, I'd shitcan 5.2 in a heartbeat. But speaking as one who works for a host (not speaking for DH, mind), I know that people run code that doesn't work well (if at all) on 5.2. A lot of it is home grown, some are other CMS tools. But as much as WP is a lot of the web, it's not all of it, and until it is, we're never going to be able to use it as leverage fully.

    Also there are some flavors of Linux that don't allow for ease of upgrade paths to 5.3 (seriously, I wanna shoot some of 'em) so we have to refactor entire servers just to be able to do it.

    And it sucks.

    I do know that most good hosts are trying to shove 5.2 away, but realistically it's not a fast thing.

  5. 5
    Ryan Duff United States »
    commented, on 22/Jan/14 at 7:10 pm # :

    Just out of curiosity, and since it's probably a substantial chunk of the install base, do we know which version of PHP is running?

  6. 6
    Ozh »
    wrote, on 22/Jan/14 at 8:31 pm # :

    Ryan Duff » I approved nacin's comment in the meantime — he gives the answer on that: 5.4

  7. 7
    Mark Jaquith United States »
    said, on 22/Jan/14 at 8:43 pm # :

    I would like to encourage hosts to upgrade people to PHP 5.4 if it can be determined that they're not running any other applications that are known not to work on it. A lot of sites are just running WordPress, and there's no reason those can't be upgraded.

    They could also start regularly exhorting their users to update their PHP version preference if their current setting is PHP 5.2.x. Promise them speed (true). Promise them compatibility with newer applications (true).

    As much as I would like PHP 5.3, it's not the end of the world that we can't use its feature. It's just annoying. I can't think of any feature we can't deliver to WordPress with PHP 5.2. I get the inclination to force the issue. I really do. But there are better ways of moving the needle that don't put users in awkward or confusing situations.

  8. 8
    Dan Cameron United States »
    thought, on 22/Jan/14 at 10:58 pm # :

    Let's just make it our responsibility instead of WordPress'. Took me a while to come to this conclusion after talking to @nacin and @dd32 about a cross-reference metrics but a users potential PHP upgrade problems (explained above) should be supported the author; since I can explain to my customers why the upgrade is necessary, versus WordPress trying to explain to millions why their sites are broken.

    That said, WordPress should continue to increase the PHP requirements when the time permits but that argument should be had with the core commit'rs, who can rationalize the tradeoffs.

    Something that WP could do now is have plugin and theme version requirements, maybe a readme check on activation with unique error linking to a codex about upgrading PHP/MySQL. The information could also prevent plugins/themes from being downloaded/installed when adding a new theme/plugin from the admin…and to play into WP trying to push better adoption of current PHP would be for some Automattic plugins and possibly the 2015 Theme to set higher requirements.

  9. 9
    Dan Cameron United States »
    said, on 23/Jan/14 at 12:31 am # :

    I created a Trac ticket with a working patch for basic requirements check during plugin activation.

    Maybe this will be a start to something much better.

  10. 10
    Otto United States »
    said, on 23/Jan/14 at 3:51 am # :

    Users shouldn't be brought into the middle of that conversation. WordPress works fine on 5.2 and there is nothing specific that would be improved by 5.3 or any later version.

    It's better to work with the hosting services to get them to upgrade rather than to make the userbase into some kind of "leverage" to force their hand.

  11. 11
    Ozh France »
    replied, on 23/Jan/14 at 10:36 am # :

    Another reason why WordPress should lead a PHP 5.2 drop movement: as they have huge data to crunch, other large organizations are just checking WordPress' stats to ponder about 5.2 support. Example: Google itself,

  12. 12
    Knut Sparhell Norway »
    commented, on 23/Jan/14 at 8:19 pm # :

    Would you say "I have this Fabulous Theme, brand new 2014 edition, that still only requires WordPress 2.5. Fabulous works fine on WordPress 2.5 and there is nothing specific that would be improved by WordPress 3.0 or any later version."?

    WordPress still has the same humble attitude towards what PHP platform it requires as when WordPress was a small outsider.

    WordPress leads the web, and is the leading PHP based application. PHP 5.2 is dead, and if found vulnerable, it will not be fixed.

    The responsible thing, towards users, would be to announce minimum 5.3 in a year, and minimum 5.4 in two years, for new installs at least. Things will then start happening.

  13. 13
    Christian Foellmann Germany »
    commented, on 17/Feb/14 at 7:53 pm # :

    I do not want to cook this up again. Just a quick question:

    Is there any data on how many of the plugins require PHP 5.3+?

    Even if core does not drop 5.2 a few plugins require PHP 5.3 for whatever reason. Feature or "just" coding style.

  14. 14
    Rahul Bansal India »
    wrote, on 15/Apr/14 at 10:51 am # :

    I think the day we find something like heartbleed in PHP 5.2 (which is not supported anymore), everybody will jump to PHP 5.3!

    I agree with @Knut on this. WordPress minimum should not include any outdated and unsupported software.

    The day WordPress drops support for PHP 5.2, we will start using namespaces in all our theme and plugins. Ofcourse, we can live without namespaces but we have to skip libraries which requires PHP 5.3 minimum!

    And WordPress id dominant force. I remember when WordPress dropped support for PHP 4, webhosting companies jumped to get PHP 5.

Leave a Reply

Comment Guidelines or Die

  • HTML: You can use these tags: <a href=""> <em> <i> <b> <strong> <blockquote>
  • Posting code: Post raw code (no <> &lt; etc) within appropriate tags : [php][/php], [css][/css], [html][/html], [js][/js], [sql][/sql], [xml][/xml], or generic [code][code]
  • Gravatars: Curious about the little images next to each commenter's name ? Go to Gravatar.
  • Spam: Various spam plugins on patrol. I'll put pins in a Voodoo doll if you spam me.
  • I will mark as Spam test comments, all comments with SEO names (ie "My Cool Online Shop" instead of "Joe") or containing forum-like signatures.

Read more ?