Table of Contents

Office Hours Q&A: The risks of using an old PHP version
Written on by Konstantin Kolarov
Updated on
Estimated read time 5 minutes
Office HoursPHP

Office Hours Q&A: The risks of using an old PHP version

Ever since we started this Q&A series as a companion to our Office Hours livestreams, we’ve strived to shine the spotlight on a particularly interesting question a viewer had asked. During the January 22, 2026, livestream, however, Nathan brought up a shocking statistic that warrants elaboration.

More than 20% of WordPress users are still using PHP 7.4. Let the implications sink in for a second while we tell you that its End of Life date was in November 2022. Since then, it has not received any security updates or bug fixes.

That stat offers significant, and slightly concerning, insight about the usage of the popular CMS. If your site still runs it you are definitely not alone, but are at risk.

What PHP 7.4 actually means today

PHP, the general-purpose scripting language, is what makes WordPress tick; it’s the code at the core of the CMS. That makes PHP the engine powering more than 40% of all sites online.

Nowadays, PHP 7.4 is severely out of date. As you saw in the introduction, it stopped receiving support in 2022. That doesn’t mean anything using it still is automatically broken. The version is still functional; however, without any security updates, it’s immensely vulnerable to attacks.

While there are some online services that can offer long-term support for older versions of PHP, for most users running newer versions is a more straightforward and affordable option.

The risks your site is exposed to

It’s possible that a website can run on an old PHP version without any issues. It’s apparently very common when it comes to WordPress. Every 1 in 5 sites is staggering, so what dangers do they all face?

There are three major downsides to using an EoL version of PHP, and all of them are severe.

Security vulnerabilities

No new patches means any vulnerabilities left in the version’s code are not fixed. That leaves them exposed to hackers who can exploit and harm your website.

Outdated software is one of the favorite methods hackers use to try to gain access to a website. It paints a target on your site that might go unnoticed, but it’s not a risk worth taking in the end.​

If this vulnerability in your site is noticed and it gets hacked, the effort to fix it is usually more than it would have taken to use a different PHP version. Not to mention the hit in rankings you’d see when Google notices your site is infected.

Compatibility issues

Newer WordPress core versions require newer PHP. That has been the case for years now, and the WordPress Core team keeps a comprehensive log of PHP version support on their website. Many plugins and themes also require a recent version of PHP.

Websites that use outdated PHP can’t benefit from the latest WordPress, plugin, and theme releases and are forced to use older versions. As you can imagine, that has the exact same result as the first consequence of using old PHP: no security patches.

By using PHP 7.4, users are compounding their security issues: PHP, core WordPress, plugins, and themes are now all vulnerable to attacks.

Performance & missed improvements

Finally, by not updating their PHP version, users are crippling their website’s potential performance. The latest releases of the scripting language deliver significant speed and efficiency improvements.

  • Faster request handling: Engine optimizations in PHP 8.x improve core execution, reducing page generation times on dynamic sites like WordPress.

  • Lower memory usage per visitor: Each request requires less RAM. That allows servers to handle more concurrent users without slowing down.

  • Better CPU efficiency: The newer versions of PHP consume fewer CPU resources, helping to maintain stability during traffic spikes.

  • Just-In-Time support: PHP 8 introduced JIT compilation. It can significantly improve performance on CPU-intensive tasks.

  • Stronger caching compatibility: Newer versions also work better with modern caching layers like OPcache.

  • Ongoing refinements: Each release builds on the last, meaning you don’t miss out on anything and enjoy incremental improvements over time.

Improving performance is one of the best ways to boost your SEO nowadays, and updating your PHP version is a quick win on that front. Not to mention all the other benefits you’ll get that we discussed above.

Why are people still using PHP 7.4, and how to upgrade safely?

While we always recommend keeping all your software up to date, we also fully understand that sometimes that’s not possible or not feasible.

We touched on this in a recent Office Hours Q&A, but sometimes there is no reason to update to the newest version right away. To that end, we imagine many of the websites still using 7.4 do actually require that version to continue functioning. Maybe it’s their code or the plugins they use, or it’s simply a case of “If it’s not broken, don’t fix it.”

Many of those websites may also be abandoned, yet still online on some dusty server somewhere. Even if you are still running 7.4 because you are scared of breaking your site, we get it. There are, however, ways to upgrade without risking your site’s uptime.

  1. Using a staging environment: The easiest way to test whether your site will work with newer PHP versions is to set up a staging environment and update it there. That way, your live site remains untouched.

  2. Backup your live site: Before committing to the upgrade, create a backup of your site and its database. That way, if anything does go wrong, you can immediately restore it and bring it back up.

  3. Use a hosting provider: Leverage the expertise of a provider like hosting.com to handle testing and upgrades for you.

The best part is that with how well-documented WordPress is, even if you want to do the upgrade yourself, you will not be alone in the end. The community is vast, and help is around every corner of the internet. The support doesn’t stop with forum posts and tutorials, either.

In our regular Office Hours livestreams you can ask questions about upgrading PHP, or anything else related to websites, WordPress, and hosting. Register with this link and get answers straight from people who work in the industry.

Consider upgrading

Even if your website is still active and perfectly functional, we strongly recommend that you put together a plan to migrate to a newer PHP version.

Whether you are using WordPress or another platform that relies on PHP, your site faces risks each day that can be avoided. The upgrade doesn’t have to happen right away, but researching a method of doing it and creating a backup of your site are good first steps.

​In the end, if moving away from PHP 7.4 to a newer version is possible, your site will be better off for it.

Konstantin is a content writer for hosting.com with a strong foundation in web hosting and tech support. After several years of dedicated customer assistance, helping websites stay online and secure, he now brings clarity and creativity to the complex world of digital infrastructure. His writing combines real-world technical knowledge with a knack for making complex topics accessible.

View more posts by Konstantin Kolarov