A problem for the PHP ecosystem
PHP explained in the simplest way is a scripting language that helps people make web pages more interactive by allowing them to do more things. It is a server-side language designed for web development, although it is also used as a general programming language. For example, with PHP a website can do things like having users and passwords. If a website is not programmed with languages such as PHP, it can not do most of the things we are used to, apart from displaying text, links, and images in a simple way.Approximately 78% of all websites (those that do not hide their technologies and can be quantified) use some version of PHP, but most use old versions.The entire current branch of PHP versions 5.x are extremely old, PHP 5.6 was launched in August 2014, its active support ended in 2017, almost two years ago. Its security support ends, as we said at the end of 2018. The most recent version is PHP 7.2, which was launched in November 2017 and will have security support until November 2020. In green: active support In orange: only security updates In red: without PHP.net supportWordPress, one of the most used and known content management systems ( more than a quarter of all websites use WordPress ), recommends the use of PHP 7.2 on their requirements page but they explain that they continue to support PHP 5.2.4 and Later despite noticing that they are versions without support and that could expose your site to security vulnerabilities. WordPress refuses to stop supporting PHP 5.2 and for some, the CMS is also part of the problem.This is especially problematic, and for expert Scott Arciszewski, WordPress is the main source of inertia in the ecosystem for refusing to remove support for PHP 5.2. The good news at least is that PHP has not had any critical vulnerabilities in its recent history, and although that gives some peace of mind, others believe that now that PHP 5.6 support dies and is still widely used, vulnerabilities will begin to appear and be exploited. Only time will tell us, but the responsibility is definitely to update.