Yoast SEO 4.5 Urges Users to Upgrade to PHP 7

Yoast SEO 4.5 was released today with a handful of improvements and, most notably, a big push for users to upgrade to PHP 7.

“In Yoast SEO 4.5, we are urging site owners whose sites run on servers with an outdated version of PHP to update to a more recent version,” Joost de Valk said. “To move the web forward, we need to take a stand against old, slow, and unsafe software.”

WordPress’ minimum PHP requirement is still at 5.2.4, six years after PHP 5.2 reached end of life in 2011. This version is now vulnerable to many security issues. Current usage stats show 5.4% of WordPress sites are running on PHP 5.2. As this likely represents millions of users, WordPress’ core leadership is reluctant to bump the minimum requirements. Only 8% of sites are on PHP 7+, as hosting companies are slowly adding support.

“Because web hosts are not upgrading PHP, we have decided to start pushing this from within plugins,” de Valk said. He contends that the WordPress ecosystem is losing good developers because the project is moving too slowly. He also makes the case for security and speed.

“WordPress is sometimes said to be slow, but it actually doesn’t have to be slow at all,” de Valk said. “If it’s running on old versions of PHP, however, it is, most certainly, slow. PHP 5.2 is more than 100% slower than PHP 5.6, and a whopping 400% slower than PHP 7.”

De Valk decided to throw the weight of Yoast SEO, which he estimates to be 6.5 million active installs, behind the movement to push hosts to upgrade their customers to PHP 7. The latest release of the plugin displays a notice to WordPress administrators running sites on PHP 5.2, urging them to upgrade to PHP 7. The notice is “big, ugly, and non-dismissible,” de Valk said. It is generated by an error that auto-resolves when the user fixes their outdated PHP version.

“The notice will also encourage people to contact their host if they don’t know how to upgrade their PHP,” de Valk said. “Yes, this could be painful for some hosts. This notice is deliberately intended to make them work.”

De Valk said the plugin will start displaying the notices for PHP 5.2 and will add 5.6 as soon as it is no longer supported. Through experience with his customers, de Valk has found that outdated, slower versions of PHP are damaging Yoast SEO and WordPress’ reputations, as neither are optimized for PHP 5.2. Although older versions are not holding the plugin back from new features, it makes it difficult for the team to clean up the code.

“There aren’t many features I cannot build right now, but code quality is suffering because we can’t use namespaces, short array notation, etc,” de Valk said.

The Yoast SEO team has created WHIP, a WordPress package to nudge users to upgrade their software versions and made it open source for plugin and theme developers to implement in their own extensions. The project includes a filter for linking to the WordPress.org hosting page, which includes a selection of hosts that offer PHP 7.

Most of the large hosting companies already have documentation for upgrading PHP versions. Ultimately, it’s the end users who will have the power to get more hosting companies on board. De Valk said he doesn’t know how big the impact will be but encourages users to vote with their pocketbooks by leaving hosts that are unwilling to assist in upgrading PHP.

“It might be entirely possible that your host is not willing to work with you,” de Valk said. “If so, think about moving web hosts. A web host provides the engine your site runs on and that better be a damn good engine.”


34 responses to “Yoast SEO 4.5 Urges Users to Upgrade to PHP 7”

  1. Good on Joost for taking this stand. WP SEO has a huge userbase, and that message will be very visible to those that need it.

    I know the WordPress team is reluctant to take drastic steps on this topic. But the situation we are in is partly, if unintentionally, of their own making – by clinging to the tenet of backward compatibility for so long, WordPress has avoided using newer language features, and hosts have gotten complacent in software updates. Outdated themes and plugins is another issue. I know Siteground has already taken the step to make upgrading users to PHP 7 relatively easy, they even provide a tool to scan for and highlight potentially incompatible code.

    WordPress powers 25% of the web. PHP powers a large portion of the web also. WordPress won’t dramatically bump the minimum PHP version unless significant progress is made on PHP upgrades on the web. And the latter might not happen but for the former. The logjam needs to be broken somewhere.

  2. A very good reason to ditch yoast seo from the server if ihis program starts telling users by non-dismissible notifications that they should upgrade the php version on their server. Its their choice and not what Yoast thinks it should be.

    • I think that is why Yoast is doing this with their own plugin I mean they know it will annoy clients and thus they either get upgraded by contacting the host / admin / IT person etc. But they are willing to risk it for what they think is a better future for their plugin and WordPress in general.

      People still have choices like 3 main choices I see:

      1. Upgrade their php if host supports.
      2. Remove yoast and use another plugin.
      3. Host / admin / IT person will either create a plugin or some code to hide the notice.

      Also the option of ignoring it is going to be real as well for those people that don’t log into backend often or had someone else setup their website and are not actually admin role means they won’t see it.

  3. Maybe this is exactly what people need, a big, ugly, non-dismissable notice to get upgraded. People have been clamoring for WordPress to do something similar for years but the project refuses to do so because ultimately, WordPress should work and the end user shouldn’t need to know or care what version of PHP their site is using.

    I think this is a useful experiment and it will be interesting to hear from Yoast 6-9 months from now if the notice is having any impact. WordPress SEO has the ability to send this type of data back to Yoast so I’m sure he’ll be able to see the difference if there is one.

  4. I’m a web host but not of your typical kind. I work in higher education. I’ve got a small team that does web development, server management and supports the user base of 200 editors on all our WordPress sites.

    Higher education and enterprise is not going to take kindly of seeing non-dissemble in your face warnings to update to the latest PHP. Personally we have all servers at PHP 5.6 and we’re looking at implementing 7 but we’re not there yet.

    I feel for the big hosts but as their full-time job is managing fleets of servers and server software they should be able to do this and get it right. I personally have sites with a shared host and they’ve gotten it right with php 7 and I appreciate that.

    I just think for the needs of enterprise and higher education where we can’t move quickly and this isn’t our full time job managing servers and ensuring the stack is at the latest and greatest, we shouldn’t be penalised with these non-dismissble messages.

    I for one, will be reevaluating if Yoast SEO is installed on my sites.

  5. This is great to see! After learning that there is no clear roadmap for WordPress moving away from the old, insecure PHP versions, I thought about creating such package myself.
    Yoast SEO definitely has a big enough user base to make a difference, and I hope other popular plugins follow.

    I do see that it’s an annoyance to get such a notice on your site, but I bet most aren’t even aware that they’re using (and probably paying for) an insecure version of PHP.

    By using Freemius in Content Aware Sidebars, I can see that less than 2% of the sites using the plugin runs on PHP 5.2 and more than 50% are on PHP 5.6+.

  6. A web host provides the engine your site runs on and that better be a damn good engine.

    I certainly agree with that. Not only good, but secure. As a WordPress host, security is one of our priorities and we have had PHP 7 in place on all of our servers (as well as PHP 5.6) for a long time.

    Using insecure versions of software, whether back end or front end, is essentially just asking to be hacked. We of course find cases on a fairly regular basis of sites with insecure front end software being hacked, and cleaning them up is not always easy. :(

    Security first means less headaches later. :)

  7. Interesting. I own a hosting company, and we don’t offer < PHP 7.0 or 7.1 at this point. I dislike nag messages, but understand why Yoast is doing this. I would add that it's unusual to run into PHP 7 incompatibility problems for site owners using legitimately coded plugins The benefits are significant. Not sure I understand the clawing some do to hang on to deprecated versions of stacks, other than maybe a culture of laziness and refusal to adopt reasonable standards.

    • Php 7.x issues exist only because theme and plugin developers do not follow the new php 7 coding way. These developers should have updated their code a long time ago as most of the notifications have been in their development environment since php 5.4. So they knew already they should improve their coding. But even wordpress itself who includes f.e the wordpress importer plugin has still not undertaken any steps to make it php 7 compatible regardless of all the suggestions in the plugins reported issues threads. It is unbelievable that users are reporting fixes and they are simply ignored. And then their are so many scripts and plugins that are abandonned by the developers but their code are still used by themes and other plugins. It is a long way to go. WP should just stop working on old 5.x php versions. That would immediately cause all hosters to update or loose their clients. I asked my hoster to update a server. I got a answer it was a old server and they would move all clients to a new one soon. That was 2 years ago and it still did not happen. Btw woocommerce is already doing this for a long time telling people that their php version is not ok.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: