After the often tricky switch to https at the beginning of the year, many website operators are now facing an even bigger problem at the turn of the year. This is because the developer community is discontinuing extended support for PHP 5.6 at the end of the year. This means that there will no longer be any free security patches for this version of the popular open source scripting language. Although this step was announced almost two years ago and further development was discontinued at the end of last year, very few website operators and hosters have reacted to this so far.

Analysts such as W3techs assume that almost 80 percent of all websites now rely on the flexible and efficient PHP. Over three quarters of them use PHP 5.6 and in some cases even older versions that are no longer supplied with the latest security updates. In order to remain as secure as possible in 2019, they should quickly migrate to a current development stage. The best option is to upgrade directly to PHP 7.2, which was released a year ago, as support for version 7.0 will also expire in December. Due to its widespread use, security experts expect that cyber criminals are already preparing intensively to launch a wave of attacks on websites with outdated PHP at the beginning of next year. A similar situation was observed after the end of support for Windows XP.

One reason for the delay in this important changeover is probably the lack of pressure from the developers of widespread content management systems based on PHP. For example, Joomla and especially Wordpress, which has a market share of more than 25 percent, are still satisfied with PHP versions that are even older than PHP 5.6 as a minimum requirement. The developers of Drupal still want to require version 7 by March next year. Only Typo 3 actually requires the current version with PHP 7.2. The PHP developers therefore want to remind all users of the outdated 5th generation in the coming weeks to initiate an update with their hosting providers in good time.