Innovate faster and cut risk with PHP experts from Zend Services.
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
PHP migrations, while necessary and ultimately beneficial, can represent a significant challenge for many companies. The rapid pace of innovation in the PHP language and libraries written in PHP often acts as a driver for migrating to newer PHP versions. However, such migrations can prove to be lengthy and expensive affairs that impact other business considerations.
In this blog, we look at why PHP migrations can be advantageous for companies on outdated and end of life PHP versions, with a look at how a PHP migration can impact security, performance, and compliance.
In general, a PHP migration involves many moving parts. From planning to execution, these factors are not only difficult to estimate, but often problematic to implement (i.e. testing, library swapping, etc.).
The direct cost (development hours) of a software migration can range from a few thousand to hundreds of thousands of dollars, depending on the size of the application, its business criticality, and the industry you are in.
To avoid getting overrun by advances in PHP technologies, teams must consider the cost of software migrations — including the cost of falling behind.
Start Planning Your Next PHP MigrationExecuting a successful PHP migration requires careful planning. In this free white paper, our experts discuss the best ways to prep for a PHP migration, including details on the pitfalls that can cost teams big.Download Your Copy Here
Executing a successful PHP migration requires careful planning. In this free white paper, our experts discuss the best ways to prep for a PHP migration, including details on the pitfalls that can cost teams big.
Download Your Copy Here
Migrating PHP might not always be as straightforward as going from one version to another. In some cases, and especially when migrating across major versions, teams may need to migrate to an intermediary version before migrating to their desired version. This process, while time consuming, can ensure that teams don't get waylaid with unexpected (and often substantial) refactoring / troubleshooting hours.
It's also important to note that PHP upgrades, or updating your PHP to a new minor version within the same major version, may still represent challenges. PHP 8.0 is a great example of this, where an upgrade from PHP 8.0 to 8.1 might pose more significant challenges than upgrading PHP 8.1 to 8.2.
This makes it all the more important for teams to carefully evaluate the time and resources needed to upgrade or migrate PHP, regardless of whether it's between major or minor versions.
Read more about PHP 7.4 migration paths >>
For most applications, the primary benefits of a PHP migration revolve around improved security and increased performance.
PHP migrations can also allow teams to leverage new language features, extensions and libraries that were not present in the previous PHP version – all of which can provide tangible benefits during QA and maintenance cycles.
Migrating to supported PHP versions means better protection against critical vulnerabilities and exposures.
New PHP versions often give significant performance benefits over previous versions.
Compliance standards often necessitate a migration, but they can also make maintaining compliance easier.
Migrating to the latest PHP version means teams can leverage new language features, extensions, and libraries.
Simply put, applications running on unsupported PHP versions are more exposed to critical vulnerabilities..
PHP applications on current PHP versions (or on third-party supported end of life PHP versions) get the benefit of frequent security patches, and hotfixes that keep the application less susceptible to security failures.
For companies with mission critical applications, or applications that store any type of sensitive data, migrating to supported PHP versions (or finding alternative means of PHP LTS) is critical.
In modern applications, user experience can make or break an application. One of the most critical points of user experience, of course, is application performance.
PHP puts a big focus on improving performance through each release version, with some releases (like PHP 7.3) netting double digit performance gains.
For companies that don’t regularly perform PHP migrations, computing resource usage/cost (e.g. CPU, RAM) for their application can be substantially higher than if they migrated to a newer, more performant PHP version.
Failure to migrate to these better performing PHP versions can put applications, and companies, at a competitive disadvantage.
While compliance and security often go hand in hand, compliance standards can require up to date encryption standards and sometimes necessitate a PHP migration.
As a concrete example, the Payment Card Industry Security Standards Council (PCI SSC) requires TLS 1.2 or greater, or email client encryption.
The requirement must also be satisfied by communications generated from within a PHP application, like HTTP requests or mail sending routines.
These requirements are completely satisfied from certain versions of the PHP engine. Practically, the minimal version of the PHP engine that best supports PCI compliance is 7.2, in which many security aspects are addressed thoroughly within the engine itself.
While less of a decision point for most teams, leveraging the latest features in PHP, including newly developed extensions and libraries, can be a welcome benefit of PHP migrations.
PHP version releases also regularly introduce quality of life improvements for developers. PHP 7.4, for example, added in a handful of nice improvements in the form of new functions, several new operators, and syntactical changes designed to simplify writing code. These improvements, while not game-changing, help making coding in PHP a better experience for developers.
With all the potential costs and complications that come with a PHP migration, the decision to migrate your PHP can be daunting. When planning a PHP migration or upgrade, one of the best ways to determine your readiness is in considering your current testing strategies and coverage.
For applications with excellent test coverage, and with teams that follow industry standard practices for end to end testing, PHP migrations don’t have to be painful. In fact, most can consider upgrading PHP versions when it’s convenient, or least costly to the business.
For applications that do not currently possess excellent test coverage, most teams should stay on their current PHP version until it’s possible to fully implement these practices. Even then, for teams maintaining legacy applications, the cost of a PHP migration may not make sense.
If you're one of the many teams who need to migrate from PHP 7 to 8, be sure to check out our blog on selecting the right migration strategy. It has sections on PHP 7.4 to 8 migrations that are especially helpful.
Get a Team of Experts for Your Next PHP Migration If your team is considering a PHP migration, Zend can help you plan and execute your next migration to perfection.See Migration Support Options
If your team is considering a PHP migration, Zend can help you plan and execute your next migration to perfection.
See Migration Support Options
For more information on PHP migrations, we recommend the following resources:
Massimiliano Cavicchioli is a Software Architect at Zend. He has over 20 years of experience in the tech world, 16 of which he spent contributing to the PHP ecosystem at Zend. During his many years of providing consultation to enterprise corporations, Massi has developed a wealth of tangible knowledge — making him highly capable in helping companies achieve best practices in both PHP and OSS.