Yoast SEO 4.5 Urges Users to Upgrade to PHP 7

Yoast SEO 4.5 was released today with a handful of improvements and, most notably, a big push for users to upgrade to PHP 7.

“In Yoast SEO 4.5, we are urging site owners whose sites run on servers with an outdated version of PHP to update to a more recent version,” Joost de Valk said. “To move the web forward, we need to take a stand against old, slow, and unsafe software.”

WordPress’ minimum PHP requirement is still at 5.2.4, six years after PHP 5.2 reached end of life in 2011. This version is now vulnerable to many security issues. Current usage stats show 5.4% of WordPress sites are running on PHP 5.2. As this likely represents millions of users, WordPress’ core leadership is reluctant to bump the minimum requirements. Only 8% of sites are on PHP 7+, as hosting companies are slowly adding support.

“Because web hosts are not upgrading PHP, we have decided to start pushing this from within plugins,” de Valk said. He contends that the WordPress ecosystem is losing good developers because the project is moving too slowly. He also makes the case for security and speed.

“WordPress is sometimes said to be slow, but it actually doesn’t have to be slow at all,” de Valk said. “If it’s running on old versions of PHP, however, it is, most certainly, slow. PHP 5.2 is more than 100% slower than PHP 5.6, and a whopping 400% slower than PHP 7.”

De Valk decided to throw the weight of Yoast SEO, which he estimates to be 6.5 million active installs, behind the movement to push hosts to upgrade their customers to PHP 7. The latest release of the plugin displays a notice to WordPress administrators running sites on PHP 5.2, urging them to upgrade to PHP 7. The notice is “big, ugly, and non-dismissible,” de Valk said. It is generated by an error that auto-resolves when the user fixes their outdated PHP version.

“The notice will also encourage people to contact their host if they don’t know how to upgrade their PHP,” de Valk said. “Yes, this could be painful for some hosts. This notice is deliberately intended to make them work.”

De Valk said the plugin will start displaying the notices for PHP 5.2 and will add 5.6 as soon as it is no longer supported. Through experience with his customers, de Valk has found that outdated, slower versions of PHP are damaging Yoast SEO and WordPress’ reputations, as neither are optimized for PHP 5.2. Although older versions are not holding the plugin back from new features, it makes it difficult for the team to clean up the code.

“There aren’t many features I cannot build right now, but code quality is suffering because we can’t use namespaces, short array notation, etc,” de Valk said.

The Yoast SEO team has created WHIP, a WordPress package to nudge users to upgrade their software versions and made it open source for plugin and theme developers to implement in their own extensions. The project includes a filter for linking to the WordPress.org hosting page, which includes a selection of hosts that offer PHP 7.

Most of the large hosting companies already have documentation for upgrading PHP versions. Ultimately, it’s the end users who will have the power to get more hosting companies on board. De Valk said he doesn’t know how big the impact will be but encourages users to vote with their pocketbooks by leaving hosts that are unwilling to assist in upgrading PHP.

“It might be entirely possible that your host is not willing to work with you,” de Valk said. “If so, think about moving web hosts. A web host provides the engine your site runs on and that better be a damn good engine.”

34 Comments


  1. Good on Joost for taking this stand. WP SEO has a huge userbase, and that message will be very visible to those that need it.

    I know the WordPress team is reluctant to take drastic steps on this topic. But the situation we are in is partly, if unintentionally, of their own making – by clinging to the tenet of backward compatibility for so long, WordPress has avoided using newer language features, and hosts have gotten complacent in software updates. Outdated themes and plugins is another issue. I know Siteground has already taken the step to make upgrading users to PHP 7 relatively easy, they even provide a tool to scan for and highlight potentially incompatible code.

    WordPress powers 25% of the web. PHP powers a large portion of the web also. WordPress won’t dramatically bump the minimum PHP version unless significant progress is made on PHP upgrades on the web. And the latter might not happen but for the former. The logjam needs to be broken somewhere.

    Report


  2. A very good reason to ditch yoast seo from the server if ihis program starts telling users by non-dismissible notifications that they should upgrade the php version on their server. Its their choice and not what Yoast thinks it should be.

    Report


    1. I think that is why Yoast is doing this with their own plugin I mean they know it will annoy clients and thus they either get upgraded by contacting the host / admin / IT person etc. But they are willing to risk it for what they think is a better future for their plugin and WordPress in general.

      People still have choices like 3 main choices I see:

      1. Upgrade their php if host supports.
      2. Remove yoast and use another plugin.
      3. Host / admin / IT person will either create a plugin or some code to hide the notice.

      Also the option of ignoring it is going to be real as well for those people that don’t log into backend often or had someone else setup their website and are not actually admin role means they won’t see it.

      Report


    2. I’m curious why you’d want to stick with php 5.2 anyway. It’s like stubbornly using Windows XP after security patches cease. It’s stubborn for the sake of being stubborn.

      Report


  3. Maybe this is exactly what people need, a big, ugly, non-dismissable notice to get upgraded. People have been clamoring for WordPress to do something similar for years but the project refuses to do so because ultimately, WordPress should work and the end user shouldn’t need to know or care what version of PHP their site is using.

    I think this is a useful experiment and it will be interesting to hear from Yoast 6-9 months from now if the notice is having any impact. WordPress SEO has the ability to send this type of data back to Yoast so I’m sure he’ll be able to see the difference if there is one.

    Report


  4. I’m a web host but not of your typical kind. I work in higher education. I’ve got a small team that does web development, server management and supports the user base of 200 editors on all our WordPress sites.

    Higher education and enterprise is not going to take kindly of seeing non-dissemble in your face warnings to update to the latest PHP. Personally we have all servers at PHP 5.6 and we’re looking at implementing 7 but we’re not there yet.

    I feel for the big hosts but as their full-time job is managing fleets of servers and server software they should be able to do this and get it right. I personally have sites with a shared host and they’ve gotten it right with php 7 and I appreciate that.

    I just think for the needs of enterprise and higher education where we can’t move quickly and this isn’t our full time job managing servers and ensuring the stack is at the latest and greatest, we shouldn’t be penalised with these non-dismissble messages.

    I for one, will be reevaluating if Yoast SEO is installed on my sites.

    Report


    1. I’m sure it is a long way off before 5.6 starts triggering the notice. The focus for now is on 5.2, in case you didn’t notice.

      Report


    2. PHP 5.6 will be supported (security fixes) until 1 Jan 2019.

      It will be very interesting to see if this quite aggressive nagging of PHP 5.2 users will make any of them ask for and get at upgrade from their host or their server manager.

      Report


    3. If 5.2 reached end of life 6 years ago, enterprise and higher education has had plenty of time to upgrade to at least 5.6. I wouldn’t call this aggressive by any means.

      Report


    1. This notice will be big, ugly, and non-dismissible.

      I’d be interested to know what the WordPress Plugin reviewers think of this. I didn’t think non-dismissible messages were acceptable, let alone a message that’s a suggestion and not a requirement (let’s remember that this new version of Yoast SEO doesn’t require PHP 7 to work).

      Report


      1. Yes, but guidelines are just guidelines. It’s all a question of interpretation.

        So, in reality what you have are situations where some guidelines are applied rigidly and others are fairly loose and in the case of Yoast it seems they’re not applied at all!

        Don’t expect to see the plugin removed any time soon. Some developers are immune from these kinds of things.

        Report


      2. I’m not going to say John is right but I’ve spoken with the wp.org plugin people and they say it does abide by the guidelines, as it is dismissible (by upgrading PHP).

        Report


      3. You are right, John. In the repo, all devs are equal, but some devs are more equal than others…

        Report


      4. I’d be interested to know what the WordPress Plugin reviewers think of this.

        The plugin reviewers and Joost are sharing a bed, they always cozy up with each other and rules that apply to common folk don’t (seem to) apply to Joost and cohorts.

        Report


    2. Yeah, I’d be extremely surprised if someone hasn’t contacted them from the review team to say that any admin notices must be dismissable.

      Report


      1. See my reply above Justin. Sadly, upgrading your PHP is seem as making it ‘dismissible’ so it’s okay.

        Report


      2. Some developers are more equal than others. The plugin directory moderators tie themselves in contortions making excuses for the exceptions for Yoast and Jetpack. It’s shocking that the guidelines aren’t worth the bits of which they are made. It’s not much fun being part of an open source community which is gradually being turned into a marketing project for Automattic and friends.

        Yoast should have to obey the same rules as the rest of us, Otto and Mika.

        Report


      3. Yeah, I’d be extremely surprised if someone hasn’t contacted them from the review team

        The problem with that, Justin, is that the moment you do that, you will forever be “in the sights” of both Mika and Joost and cohorts. Not a position many people will want to be in…

        Report


    3. Thanks for mentioning my plugin, Marcel!

      I can guarantee that if that notice is added to the Yoast plugin, I will release an update which makes it go away.

      From then on it will most likely become a cat-and-mouse game (I sometimes have the feeling it already is) with them releasing versions with different classes and IDs so the bloat can show again, until people hopefully get so tired of Yoast and replace it with a plugin that does what it says and does NOT force stuff on people.

      Report


  5. This is great to see! After learning that there is no clear roadmap for WordPress moving away from the old, insecure PHP versions, I thought about creating such package myself.
    Yoast SEO definitely has a big enough user base to make a difference, and I hope other popular plugins follow.

    I do see that it’s an annoyance to get such a notice on your site, but I bet most aren’t even aware that they’re using (and probably paying for) an insecure version of PHP.

    By using Freemius in Content Aware Sidebars, I can see that less than 2% of the sites using the plugin runs on PHP 5.2 and more than 50% are on PHP 5.6+.

    Report


  6. A web host provides the engine your site runs on and that better be a damn good engine.

    I certainly agree with that. Not only good, but secure. As a WordPress host, security is one of our priorities and we have had PHP 7 in place on all of our servers (as well as PHP 5.6) for a long time.

    Using insecure versions of software, whether back end or front end, is essentially just asking to be hacked. We of course find cases on a fairly regular basis of sites with insecure front end software being hacked, and cleaning them up is not always easy. :(

    Security first means less headaches later. :)

    Report


  7. It is a great initiative, for more WP hosts to have PHP7 as the default on new WP installs.

    Report


  8. PHP 7 is a nightmare upgrade for ISPs because it removed mysql() functions.

    I used Oracle’s automated mysqli() updater once, but site needed edits.

    It makes no sense for a business to break thousands of old sites.

    Report


    1. 5.2 -> 5.3 -> … 5.6. you still have 4 years as an ISP to even start about migrating to 7.0.

      Report


    2. PHP 7 is a nightmare upgrade for ISPs because it removed mysql() functions.

      That doesn’t make it a nightmare for ISP’s, but for customers that keep relying on old code.

      Report


      1. No. The nightmare is the thousands of frantic support calls after a PHP upgrade breaks sites.

        Report


  9. Interesting. I own a hosting company, and we don’t offer < PHP 7.0 or 7.1 at this point. I dislike nag messages, but understand why Yoast is doing this. I would add that it's unusual to run into PHP 7 incompatibility problems for site owners using legitimately coded plugins The benefits are significant. Not sure I understand the clawing some do to hang on to deprecated versions of stacks, other than maybe a culture of laziness and refusal to adopt reasonable standards.

    Report


  10. Interesting and educational. We have tried many different hostings on our own website. But does seem like switching over to PHP 7 right now might not be the time since there could be some incompatibility issues. Looking forward for other plug-ins and such to get on the wagon!

    Report


    1. Php 7.x issues exist only because theme and plugin developers do not follow the new php 7 coding way. These developers should have updated their code a long time ago as most of the notifications have been in their development environment since php 5.4. So they knew already they should improve their coding. But even wordpress itself who includes f.e the wordpress importer plugin has still not undertaken any steps to make it php 7 compatible regardless of all the suggestions in the plugins reported issues threads. It is unbelievable that users are reporting fixes and they are simply ignored. And then their are so many scripts and plugins that are abandonned by the developers but their code are still used by themes and other plugins. It is a long way to go. WP should just stop working on old 5.x php versions. That would immediately cause all hosters to update or loose their clients. I asked my hoster to update a server. I got a answer it was a old server and they would move all clients to a new one soon. That was 2 years ago and it still did not happen. Btw woocommerce is already doing this for a long time telling people that their php version is not ok.

      Report


    2. Quite a lot of well supported plugins will work fine on PHP7.

      Report

Comments are closed.