30 December 2018

The reason why you are still on PHP 5.6

Yireo Blog

MageTestFest takes place on March 5-8th in Italy: -16 days to get your ticket

The reason why you are still on PHP 5.6

Starting with a disclaimer: The reason why I write this is not that I believe sites running on PHP 5.6 at the end of 2018 is a good thing. I don't get it. It feels sloppy. This blog serves as a means to investigate why people are still running PHP 5.6 and to see if we can convince them otherwise.

End of the year 2018, end of PHP 5.6

Let's state the obvious first (and I assume this to be obvious to my readers): PHP 5.6 is deprecated since early 2017 (more or less the release of PHP 7.0). And while PHP 7.0 is already dead, PHP 5.6 has seen a longer lifetime because it is the last release in the PHP 5 chain. However, this ends on December 31st of 2018: Starting from the new year, no more security updates will be released for PHP 5.6 and it is officially End of Life.

Still, many Magento 1 shops are running on PHP 5.6. I have been in contact with various merchants on this, because our newly released extensions were supposed to work only on PHP 7. So why is PHP not upgraded? I personally feel this is a bit silly: PHP 5.6 has been deprecated for quite some time, which means all of this time should have been used to migrate the shop to PHP 7. Instead, nothing happened. Why?

Benefits

Oh and before I continue, some benefits of PHP 7: It is much faster and a faster webshop means happier customers, which again means more revenue, so more money. In short (maybe a bit too short), PHP 7 earns a merchant more money. Sticking behind means the opposite - loosing money.

Additionally, PHP 7 is more stable and it includes features for developers to create code that is much more stable than under PHP 5 (mainly type hinting). PHP 5 is technically inferior. It is outdated.

Reason: The client does not have a budget

I think the number one reason why Magento 1 shops are still running on PHP 5.6 is money. The merchant does not have a budget to upgrade to PHP 7. But when you read the paragraph on benefits above, you understand that the shop is likely to generate more money under PHP 7, simply because of the speed benefit.

The issue is this: It is not about the budget itself, it is about budget planning. If a merchant would reply to me that there is no budget for planning ahead this far, my answer back would be "do you mean no budget planning ... FOREVER?". Planning ahead is key for being an enterpreneur. You anticipate customer needs, market changes. Let's estimate the cost: A PHP 7 upgrade should not take more than a few days, say 24 hours. This means that with a rate of 100 Euro, this requires a budget of 2400 Euro. (Often I personally hear of upgrades that take a mere two hours with rates below 75 Euro: My numbers are just an example to show how to deal with a budget - Budgetting for Dummies.)

If you can't spend this amount right away, put money aside until you have saved up for this change. But it would be stupid not to plan anything at all. I'm not against postponing for a reason. I'm against postponing without any date fixed in the future. I'm against postponing for the wrong reasons.

Reason: The hoster does not offer PHP 7 support

In the last years, I gave a bunch of talks on PHP 7 and what I heard frequently was that site owners were often happy to try to upgrade to 7 but that their hosting provider didn't support this yet. I believe that, at this moment, any hosting provider should support PHP 7.0 or later. If they don't, cancel the hosting subscription right away.

Reason: I can't upgrade the Magento core

I've rearranged the paragraphs quite a bit while writing this blog. For instance, I wanted to deal with the hosting point above first, just to make clear that your hosting provider is ready for PHP 7. This also means that it should be possible to copy your Magento shop to a temporary environment with PHP 7 to see if it is ready. This shouldn't take more than one hour. If it takes more time, document all steps, so you can automate this process. There is no reason not to test whether the shop works under PHP 7 - regardless of the outcome of this test.

To achieve PHP 7 compatibility for Magento 1, an additional step needs to be taken as well: You should be running either the Magento 1.9.4.X release. Or you should apply the PHP 7 patch that Magento offers for Magento 1.9 shops. Or you should use the Inchoo PHP 7 module. The last option is a bit deprecated, because of the compatibility that Magento itself now offers.

It might be that the Magento shop is still running Magento 1.8 or older. This means that the official Magento patch does not work, unfortunately. And perhaps you didn't apply the countless security patches of recent years either. ... Wait, what? You are running an older Magento shop that has major security holes in it and you don't want to upgrade anything!?! Either this shop is an intentional hacker honeypot. Or you simply don't care (and see below if this is your actual reasoning).

Reason: I can't upgrade Magento extensions

Most Magento 1 shops also include dozens of third party extensions and it might be that those extensions are stopping you from upgrading to PHP 7. Well, PHP 7 is a bit more unforgiving when it comes to bad coding (for example, exception handling changed) but this is actually taken care of by the Magento core. There are some other minor changes, which only takes minutes to fix in 3rd party modules (like list()). And there's a couple of more drastic changes like the deprecation of mcrypt (I personlly rewrote my old MageBridge solution to use OpenSSL encryption instead) and the removal of MySQL functions (while a Magento extension should be using the DBO layer instead anyway). All of these changes are easy to fix and they should not take up a lot of time.

Unless you don't want to spend that time at all and see it the responsibility of the extension vendor to fix this. I agree. Any respectable extension provider should offer PHP 7 compatibility and announce it as such. Or announce that the extension is permanently out-of-use. If you are running an encrypted extension (ionCube, Zend Guard), try to remove the module as soon as possible. No discussion. And if an extension provider doesn't respond, try to remove the extension as well: The extension might contain security risks and if nobody is maintaining it anymore, it is best removed.

Reason: I do not care

A reason to not change anything in the shop might also be that you simply don't care about the shop enough: Maybe the Magento 1 shop is built years ago, it is not making that much money and investing a lot more into it is simply not profitable enough (see the budget section above). This sounds like a valid reason. However, the world of e-commerce is changing quickly: Maintaining a shop is not just a choice, it is a responsibility as well.

Your customers do care. As soon as somebody is entering personal details (GDPR) into your shop, you have become responsible for the safe-guarding of that information. You might actually be legally obliged to maintain your shop security-wise - slowly regulation is moving towards this point of responsibility. I'm convinced that security will become more and more an issue in the Magento ecosystem (data theft, rerouting payments, launching new hacks from your shop, etc). And I'm also convinced that not caring will get you into deep trouble sooner or later.

Reason: Nothing will happen

Finally, a reason I have heard when it comes to merchants not willing to upgrade, is that nothing will happen. Magento 1 will remain there for yet another decade, PHP 5.6 likewise. And nobody is going to tell you otherwise. No bug that will be revealed will have impact on your shop (with some dark magic going on here to make this possible). Security issues will not effect your shop. Right? If you are really believing that your shop will not be effected by upcoming changes, while everyone else constantly shouts out that changes are coming so quickly and have so much impact, then you are ignorant. Dangerously ignorant.

The Magento ecosystem is on the move. Technology is changing. The expectations of customers are changing. Hackers become more resourceful. PHP bugs are found and repaired. And PHP becomes faster and better. A Magento shop therefore also needs to change.

If you are not willing to go along with this (because your shop generates not enough sales), take it offline. Or take the time to invest in it - perhaps not with money right away, but do make sure to spend time on it.

In short, upgrade to PHP 7

In short, I don't see any real reasons why you should not upgrade your Magento 1 shop to PHP 7, or at least actively work on making this possible. I hope that we can all see that the end of this year marks what PHP itself tells us what it will mark: The End Of Life of PHP 5.6.

Written on 30 December 2018 by Jisse Reitsma

About the author

Jisse Reitsma is the founder of Yireo, extension developer, developer trainer and two times Magento Master. His passion is for technology and open source. And he loves talking as well.

Looking for a training in-house?
Let's get to it!