image-blog-php-migrations
August 6, 2020

PHP Migrations: When Is Migrating the Right Choice?

Migration

PHP migrations can present large hurdles to companies. The rapid pace of innovation in the PHP language and libraries written in PHP often acts as a driver for migrating to newer PHP versions. However, such migrations can prove to be lengthy and expensive affairs that impact other business considerations

In this blog, we look at why PHP migrations can be advantageous for companies on outdated and end of life PHP versions, with a look at how a PHP migration can impact security, performance, and compliance.

PHP Migrations: Things to Consider

In general, a PHP version upgrade involves many moving parts. From planning to execution, these factors are not only difficult to estimate, but often problematic to implement (i.e. testing, library swapping, etc.).

The direct cost (development hours) of a software upgrade can range from a few thousand to hundreds of thousands of dollars, depending on the size of the application, its business criticality, and the industry you are in.

To avoid getting overrun by advances in PHP technologies, teams must consider the cost of software upgrades — including the cost of falling behind.

Benefits of a PHP Migration

For most applications, the primary benefits of upgrading PHP versions are in improved security and increased performance.

PHP version upgrades can also allow teams to leverage new language features, extensions and libraries that were not present in the previous PHP version – all of which can provide tangible benefits during QA and maintenance cycles.

PHP Migration Benefits
BenefitDescription
SecurityMigrating to supported PHP versions means better protection against critical vulnerabilities and exposures.
PerformanceNew PHP versions often give significant performance benefits over previous versions.
ComplianceCompliance standards often necessitate a migration, but they can also make maintaining compliance easier.
ImprovementsMigrating to the latest PHP version means teams can leverage new language features, extensions, and libraries.

Security

Simply put, applications running on unsupported PHP versions are more exposed to critical vulnerabilities..

PHP applications on current PHP versions (or on third-party supported end of life PHP versions) get the benefit of frequent security patches, and hotfixes that keep the application less susceptible to security failures.

For companies with mission critical applications, or applications that store any type of sensitive data, migrating to supported PHP versions (or finding alternative means of PHP LTS) is critical.

Performance

In modern applications, user experience can make or break an application. One of the most critical points of user experience, of course, is application performance.

PHP puts a big focus on improving performance through each release version, with some releases (like PHP 7.3) netting double digit performance gains.

For companies that don’t upgrade, computing resource usage/cost (e.g. CPU, RAM) for their application can be substantially higher than if they migrated to a newer, more performant PHP version.

Failure to upgrade to these better performing PHP versions can put applications, and companies, at a competitive disadvantage.

Compliance

While compliance and security often go hand in hand, compliance standards can require up to date encryption standards and sometimes necessitate a PHP migration.

As a concrete example, the Payment Card Industry Security Standards Council (PCI SSC) requires TLS 1.2 or greater, or email client encryption.

The requirement must also be satisfied by communications generated from within a PHP application, like HTTP requests or mail sending routines.

These requirements are completely satisfied from certain versions of the PHP engine. Practically, the minimal version of the PHP engine that best supports PCI compliance is 7.2, in which many security aspects are addressed thoroughly within the engine itself.

New Features, Extensions, and Libraries

While less of a decision point for most teams, leveraging the latest features in PHP, including newly developed extensions and libraries, can be a welcome benefit of PHP migrations.

PHP version releases also regularly introduce quality of life improvements for developers. PHP 7.4, for example, added in a handful of nice improvements in the form of new functions, several new operators, and syntactical changes designed to simplify writing code. These improvements, while not game-changing, help making coding in PHP a better experience for developers.

Deciding When and When Not to Migrate

With all the potential costs and complications that come with a PHP upgrade, the decision to upgrade can be daunting. When considering a PHP upgrade, one of the best ways to determine your readiness is in considering your current testing strategies and coverage.

For applications with excellent test coverage, and with teams that follow industry standard practices for end to end testing, PHP upgrades don’t have to be painful. In fact, most can consider upgrading PHP versions when it’s convenient, or least costly to the business.

For applications that do not currently possess excellent test coverage, most teams should stay on their current PHP version until it’s possible to fully implement these practices. Even then, for teams maintaining legacy applications, the cost of an upgrade may not make sense.

Plan Your Next PHP Migration With Zend

If your team is considering a PHP migration, Zend can help you plan and execute your next migration to perfection.

See Migration Support Options

Discover the Hidden Costs of PHP Migrations

In our white paper, the Hidden Costs of PHP Upgrades, we explore the hidden costs that can disrupt PHP migrations.

Download White Paper

Additional Resources

If you're considering a PHP upgrade, this webinar on enterprise PHP upgrades from Matthew Weier O'Phinney is a must watch.

For more information on PHP migrations, we recommend the following resources: