decorative image for blog on wordpress php support
June 8, 2023

The State of WordPress PHP Support

PHP Development

WordPress, written in PHP, powers upward of 65% of websites that use a content management system (CMS). However, given the complexity of WordPress as a CMS and the relatively fast lifecycle of PHP releases, WordPress has recently fallen behind the PHP community support lifecycle. This means that teams deploying WordPress, even if they’re on the latest version (as we’ll explain later), can unknowingly deploy unsupported and unpatched PHP.

So what does this mean for teams that use WordPress for mission-critical websites and web applications? And what impact does this have for companies that provide managed hosting for WordPress sites?

In this blog, we’ll walk through the current state of WordPress PHP support, including the typical WordPress release cadence, the PHP versions that accompany those releases, the impact of lagging WordPress support for PHP, and ways teams can stay protected while deploying end of life PHP.

Back to top

Does WordPress Support PHP?

Yes, WordPress supports PHP. As of August 2024, WordPress recommends using PHP 8.0 or higher to produce the best results.

Back to top

WordPress PHP Support: Why It Matters

For teams deploying WordPress-based websites and web applications, the PHP version deployed with their WordPress is often overlooked. Most of the time that’s fine, as WordPress typically updates the supported PHP version with their WordPress releases, but sometimes WordPress lags behind the community support lifecycle for PHP. This means that the PHP versions shipped with new WordPress versions might not be community supported, causing a gap in WordPress PHP support.

What does that mean for teams deploying WordPress? Essentially their applications, which are deploying on unsupported PHP versions, are vulnerable to exploits to those versions. Because the PHP community does not provide patches to those versions after their declared end of life dates, teams deploying these versions need to find other ways to patch their deployed PHP, or risk potentially devastating consequences to their websites, applications, or businesses. 

PHP 8 is a prime example of this conundrum. Despite the terminal release for PHP 7, PHP 7.4, reaching community end of life in November 2022, new WordPress versions don’t officially support PHP 8, with PHP 8 support still only available as a beta feature. For teams where upgrading WordPress represents a substantial investment of developer hours, this puts them in an untenable and risky position. So, when considering WordPress PHP support, what's the answer?

Mittwald Managed Hosting Customers Stay Secure With Zend

mittwald, a global leader in web hosting, partnered with Zend to deliver value, security, and peace of mind to their customers, including those using WordPress.

Read the Case Study  Hosting Provider Solutions

Back to top

Unpacking the WordPress Release Cadence

Public WordPress releases are grouped into two categories, major and minor, with each release type undergoing a release candidate / beta process. Major releases typically contain major updates (e.g. new features, deprecations, etc.) to WordPress, while minor versions are typically associated with security and maintenance releases.

Source: Major and Minor Version Release Cadence | make.wordpress.org

WordPress Major Release Cadence

Dating back to WordPress 5.0, which was released in December, 2018, there have been 12 major releases, with an average duration of 131 days between those releases.

WordPress Version

Release Date

Days After Previous Release

5

12/6/2018

 385

5.1

2/21/2019

77

5.2

5/7/2019

75

5.3

11/12/2019

189

5.4

3/31/2020

140

5.5

8/11/2020

133

5.6

12/8/2020

119

5.7

3/9/2021

91

5.8

7/20/2021

133

5.9

1/25/2022

189

6

5/24/2022

119

6.1

11/1/2022

161

6.2

3/29/2023

148

WordPress Minor Release Cadence

Looking historically at minor releases for WordPress, there are generally between one and three minor releases per major release. As an example, 6.0 had three minor releases, with 6.0.1 (maintenance), 6.0.2 security and maintenance), and 6.0.3 (security).

WordPress Version

Release Date

Days After Previous Release

Release Designation

5

12/6/2018

126

Major

5.0.1

12/13/2018

7

Minor

5.0.2

12/19/2018

6

Minor

5.0.3

1/9/2019

21

Minor

5.1

2/21/2019

43

Major

5.1.1

3/12/2019

19

Minor

5.2

5/7/2019

56

Major

5.2.1

5/21/2019

14

Minor

5.2.2

6/18/2019

28

Minor

5.2.3

9/5/2019

79

Minor

5.2.4

10/14/2019

39

Minor

5.3

11/12/2019

29

Major

5.3.1

12/13/2019

31

Minor

5.3.2

12/18/2019

5

Minor

5.4

3/31/2020

104

Major

5.4.1

4/29/2020

29

Minor

5.4.2

6/10/2020

42

Minor

5.5

8/11/2020

62

Major

5.5.1

9/1/2020

21

Minor

5.5.2

10/29/2020

58

Minor

5.5.3

10/30/2020

1

Minor

5.6

12/8/2020

39

Major

5.6.1

2/3/2021

57

Minor

5.6.2

2/22/2021

19

Minor

5.7

3/9/2021

15

Major

5.7.1

4/15/2021

37

Minor

5.7.2

5/13/2021

28

Minor

5.8

7/20/2021

68

Major

5.8.1

9/9/2021

51

Minor

5.8.2

11/10/2021

62

Minor

5.8.3

1/6/2022

57

Minor

5.9

1/25/2022

19

Major

5.9.1

2/22/2022

28

Minor

5.9.2

3/11/2022

17

Minor

5.9.3

4/5/2022

25

Minor

6

5/24/2022

49

Major

6.0.1

7/12/2022

49

Minor

6.0.2

8/30/2022

49

Minor

6.0.3

10/17/2022

48

Minor

6.1

11/1/2022

15

Major

6.1.1

11/15/2022

14

Minor

6.2

3/29/2023

134

Major

6.2.1

5/16/2023

48

Minor

6.2.2

5/20/2023

4

Minor

Looking at the average number of days between releases for WordPress versions 5 and up, including both minor and major versions (but excluding beta and release candidates) WordPress has a GA release every 40 days.

Minor releases, as noted earlier, fall into two categories: maintenance releases and security releases, with many minor releases containing both maintenance and security components. Of the 31 minor releases since PHP 5.0 was released, 13 have been Maintenance releases, 12 have been Security and Maintenance releases, and 6 have been Security releases.

Pie chart showing WordPress minor releases by category

All this to say, WordPress releases generally skew toward maintenance more than security, which indicates the relative security of WordPress as a platform. This impacts WordPress PHP support, as will be discussed later.

Beta Releases and Release Candidates

Like many other projects (including PHP), WordPress builds toward major version releases with a series of beta releases and release candidates. These releases ensure that WordPress has a proving ground for new features, as well as provide advanced notice for deprecations and enhancements that may cause problems for teams as they upgrade.  </p> <p> Major versions typically have anywhere from 1-4 beta versions before they reach the release candidate stage, where there can be an additional 1-5 release candidates before the version reaches GA release.

Back to top

WordPress PHP Support by Version

So how do these releases map to PHP version support, and does WordPress release cadence generally align with the PHP community support lifecycle?

In short, yes and no. While WordPress versions have historically provided a long window of community support for the PHP versions they ship with, since 2019 that time span has shifted to be dramatically shorter.

WordPress Version

Release Date

Newest Fully Compatible PHP Version

PHP Version EOL Date

4

9/4/2014

5.5

7/10/2016

4.1

12/18/2014

5.6

12/31/2018

4.2

4/23/2015

5.6

12/31/2018

4.3

8/18/2015

5.6

12/31/2018

4.4

12/8/2015

7.1

12/1/2019

4.5

4/12/2016

7.1

12/1/2019

4.6

8/16/2016

7.1

12/1/2019

4.7

12/6/2016

7.2

11/30/2020

4.8

6/8/2017

7.2

11/30/2020

4.9

11/16/2017

7.3

12/6/2021

5

12/6/2018

7.3

12/6/2021

5.1

2/21/2019

7.3

12/6/2021

5.2

5/7/2019

7.3

12/6/2021

5.3

11/12/2019

7.4

11/28/2022

5.4

3/31/2020

7.4

11/28/2022

5.5

8/11/2020

7.4

11/28/2022

5.6

12/8/2020

7.4

11/28/2022

5.7

3/9/2021

7.4

11/28/2022

5.8

7/20/2021

7.4

11/28/2022

5.9

1/25/2022

7.4

11/28/2022

6

5/24/2022

7.4

11/28/2022

6.1

11/1/2022

7.4

11/28/2022

6.2

3/29/2023

7.4

11/28/2022

graph showing wordpress php support for non end of life php versions

In the chart above, the negative value for WordPress 6.2 indicates that it shipped with a PHP version (PHP 7.4) that had already reached end of life.

As stated earlier, for companies deploying WordPress-based applications, WordPress PHP support presents a significant challenge – even if it may end up being a short-term challenge.

Back to top

When Will WordPress PHP 8 Support Be Available?

WordPress versions 5.6 and up offer PHP 8.0 support as a beta feature, 5.9 and newer support up to 8.1, and 6.1 and newer support 8.2 – with the caveat that all PHP 8.x support is in beta (indicated by the asterisk in the chart below). Given the previous release cadence for WordPress, we think that PHP 8.x support will exit beta within the next 3 months.

Support Categorization Update: 12/28/2023 

WordPress has added in a new designation, "Compatible With Exceptions" for PHP 8.0 and PHP 8.1 support for both WordPress 6.3 and WordPress 6.4. PHP 8.2 and PHP 8.3 support are marked as beta.

According to WordPress, those exceptions apply to: 

  • htmlentities() 
  • Replace most strip_tags() with wp_strip_tags()
  • unregister_setting() for unknown setting
 

Supported PHP Version

WordPress Version

5.2

5.3

5.4

5.5

5.6

7

7.1

7.2

7.3

7.4

8

8.1

8.2

6.2

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

Y*

Y*

6.1

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

Y*

Y*

6

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

Y*

N

5.9

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

Y*

N

5.8

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

N

N

5.7

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

N

N

5.6

N

N

N

N

Y

Y

Y

Y

Y

Y

Y*

N

N

Source: https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/

Back to top

WordPress PHP Support Challenges

Regardless of when WordPress PHP support will fully cover PHP 8.x versions, the reality is that companies deploying WordPress with unsupported PHP versions have an increased level of risk, unless they have a way to patch vulnerabilities revealed in those PHP versions since they reached community support end of life. 

While this might be the first time in recent memory that WordPress users have faced this challenge, the long-term trend of decreasing support windows for the shipped PHP version is concerning to teams charged with keeping their web applications, and data, secure. It’s worth mentioning, however, that WordPress isn’t alone in struggling to keep up with the PHP community support lifecycle. 

Creators and maintainers of plugins, themes, and extensions within the WordPress ecosystem are also lagging behind in providing PHP 8.x support. Consequently, even when teams are able to upgrade to a WordPress version that supports PHP 8, they may find that the plugin or theme central to their web application may not support PHP 8.

Back to top

Final Thoughts

While this might be the first time in recent memory that WordPress users have faced this challenge, the long-term trend of decreasing support windows for the shipped PHP version is concerning to teams charged with keeping their web applications, and data, secure. It’s worth mentioning, however, that WordPress isn’t alone in struggling to keep up with the PHP community support lifecycle.

Regardless of why it’s happening, teams deploying or managing WordPress-based sites need to plan ahead, and have well-established contingency plans if they end up deploying unsupported PHP in production.

Need Patches for Your EOL PHP?

Zend can help. With PHP LTS options for a variety of EOL PHP versions, you can keep your applications secure and compliant until you’re ready to migrate.

SEE LTS OPTIONS

Additional Resources

Back to top