Note: This article applies to websites hosted with CanTrust Hosting Co-operative only.
If you are hosting with another provider, or doing your own hosting, then you very much need to make sure your PHP versions are current and supported (ideally by using packages that come with a major Linux distro).
Why do I see this PHP Update Required
WordPress is making some false assumptions about which PHP version we are running, and erring on the side of caution with its warning.
For sites hosted at CanTrust Hosting Co-op, your older PHP version is still secure. That is because Debian Linux provides security coverage for the PHP we run, so it does not matter if the PHP team themselves have moved on. For stable releases of PHP that are backed by a major Linux distribution, you can expect years of support for a particular version.
The warning is for people who fetch PHP from the PHP team directly, and then build it in a custom compile themselves. This used to be the recommended method, and in fact the only successful method for getting most sites to run. But it has not been that way for about 15 years.
But in modern times, nobody does that!
Nowadays, you install PHP from your OS package manager and that package is managed with security fixes as mentioned above. Compiling from source is almost never done and is certainly never recommended by an expert.
So why is WordPress recommending the update so heavily?
Because they have no way to confirm which way you installed PHP they err on the side of caution. Which is fair enough, it is important that people running out of date versions are warned about the consequences. What is frustrating is that the WordPress check does not try a little harder to see if you are running a packaged OS version of PHP. If so then they could dispense with the alarming warnings and know that PHP was indeed up to date and the most stable configuration.
Anyway, it is still important you update the PHP version as the years go by… not just for security improvements, but also because all your plugins you’re using stay working right. Each plugin is made by different people, and they all play together like different instruments in an orchestra. By keeping your PHP up to date, you ensure the best chances that each plugin will work as it was designed and tested, because the developers making them often do not have time to test things on old versions of PHP.
OK, So how to change the PHP version and make the warning go away?
We handle that for you! Please make a support ticket where you identify which site you are using and ask for the PHP version to be upgraded.
We will take a quick look to ensure it doesn’t look like there will be problems, than change it for you and ask you to test.
Should you find any problems, we can change it back and then set you up with the new version on a test or staging site, so that you can work out the kinks and be ready to try again on production.
We will assist you through the process so that it ends in success.