Innovate faster and cut risk with PHP experts from Zend Services.
Beginning to advanced PHP classes to learn and earn global certification.
Help me choose >
Submit support requests and browse self-service resources.
PHP migrations can present large hurdles to companies. The rapid pace of innovation in the PHP language and libraries written in PHP often acts as a driver for migrating to newer PHP versions. However, such migrations can prove to be lengthy and expensive affairs that impact other business considerations
In this blog, we look at why PHP migrations can be advantageous for companies on outdated and end of life PHP versions, with a look at how a PHP migration can impact security, performance, and compliance.
In general, a PHP version upgrade involves many moving parts. From planning to execution, these factors are not only difficult to estimate, but often problematic to implement (i.e. testing, library swapping, etc.).
The direct cost (development hours) of a software upgrade can range from a few thousand to hundreds of thousands of dollars, depending on the size of the application, its business criticality, and the industry you are in.
To avoid getting overrun by advances in PHP technologies, teams must consider the cost of software upgrades — including the cost of falling behind.
For most applications, the primary benefits of upgrading PHP versions are in improved security and increased performance.
PHP version upgrades can also allow teams to leverage new language features, extensions and libraries that were not present in the previous PHP version – all of which can provide tangible benefits during QA and maintenance cycles.
Simply put, applications running on unsupported PHP versions are more exposed to critical vulnerabilities..
PHP applications on current PHP versions (or on third-party supported end of life PHP versions) get the benefit of frequent security patches, and hotfixes that keep the application less susceptible to security failures.
For companies with mission critical applications, or applications that store any type of sensitive data, migrating to supported PHP versions (or finding alternative means of PHP LTS) is critical.
In modern applications, user experience can make or break an application. One of the most critical points of user experience, of course, is application performance.
PHP puts a big focus on improving performance through each release version, with some releases (like PHP 7.3) netting double digit performance gains.
For companies that don’t upgrade, computing resource usage/cost (e.g. CPU, RAM) for their application can be substantially higher than if they migrated to a newer, more performant PHP version.
Failure to upgrade to these better performing PHP versions can put applications, and companies, at a competitive disadvantage.
While compliance and security often go hand in hand, compliance standards can require up to date encryption standards and sometimes necessitate a PHP migration.
As a concrete example, the Payment Card Industry Security Standards Council (PCI SSC) requires TLS 1.2 or greater, or email client encryption.
The requirement must also be satisfied by communications generated from within a PHP application, like HTTP requests or mail sending routines.
These requirements are completely satisfied from certain versions of the PHP engine. Practically, the minimal version of the PHP engine that best supports PCI compliance is 7.2, in which many security aspects are addressed thoroughly within the engine itself.
While less of a decision point for most teams, leveraging the latest features in PHP, including newly developed extensions and libraries, can be a welcome benefit of PHP migrations.
PHP version releases also regularly introduce quality of life improvements for developers. PHP 7.4, for example, added in a handful of nice improvements in the form of new functions, several new operators, and syntactical changes designed to simplify writing code. These improvements, while not game-changing, help making coding in PHP a better experience for developers.
With all the potential costs and complications that come with a PHP upgrade, the decision to upgrade can be daunting. When considering a PHP upgrade, one of the best ways to determine your readiness is in considering your current testing strategies and coverage.
For applications with excellent test coverage, and with teams that follow industry standard practices for end to end testing, PHP upgrades don’t have to be painful. In fact, most can consider upgrading PHP versions when it’s convenient, or least costly to the business.
For applications that do not currently possess excellent test coverage, most teams should stay on their current PHP version until it’s possible to fully implement these practices. Even then, for teams maintaining legacy applications, the cost of an upgrade may not make sense.
If your team is considering a PHP migration, Zend can help you plan and execute your next migration to perfection.
See Migration Support Options
In our white paper, the Hidden Costs of PHP Upgrades, we explore the hidden costs that can disrupt PHP migrations.
Download White Paper
If you're considering a PHP upgrade, this webinar on enterprise PHP upgrades from Matthew Weier O'Phinney is a must watch.
For more information on PHP migrations, we recommend the following resources:
Massimiliano Cavicchioli is a Software Architect at Zend. He has over 20 years of experience in the tech world, 16 of which he spent contributing to the PHP ecosystem at Zend. During his many years of providing consultation to enterprise corporations, Massi has developed a wealth of tangible knowledge — making him highly capable in helping companies achieve best practices in both PHP and OSS.