PHP 5.x - old people here (wrong) place
The hosting industry is inextricably linked with PHP, where more than 80% of sites on the Internet are fully or partially written. This greatly influences the development of any software designed for hosting - including such as the Plesk control panel. We make a product for automating server management, creating and configuring websites and applications, and therefore for using PHP. One of our key tasks is the need to maintain already outdated versions of PHP - the hosting services sector, like any large market, is rather inert, and the transition to the new PHP is extremely slow. Despite the fact that Plesk provides users with the most recent versions of PHP within 48 hours after their release, millions of sites continue to work on older versions, so the demand for solutions that can provide their support remains high. It is for this reason that Plesk continues to support EOLed branches up to PHP 5.2 inclusive.
At the same time, we are aware that the risk of using outdated versions of PHP is not only poor performance and poor functionality, but also potential vulnerabilities that can arise at any time and cost the site owner very expensive. If you don’t push your clients to upgrade at least to PHP 5.6, then in the event of a vulnerability, for example, in PHP 5.2, thousands of sites may follow it and you will be accused of using unsafe software. Therefore, starting with the new version of Plesk Onyx 17.8, which was released in early March 2018, outdated versions of PHP are marked as Outdated in the interface.
We decided that we can completely stop supporting the old PHP by making sure that the percentage of sites working on it is negligible - in this case, this step will not cause frustration among an arbitrarily significant part of the user audience. To this end, we conducted a statistical study to determine which versions of PHP are most popular among Plesk users. His results are very curious, in our opinion, we want to share.
Information about which PHP sites of our clients work on, we began to analyze relatively recently. It compiles for the last two releases of Plesk Onyx and covers about 15% of the sites running on these versions of Plesk. The statistics did not include the old versions of Plesk, where, perhaps, the older PHP is used, but this does not seem to us a big problem. The information collected about the preferences of people using the latest versions of Plesk (which means that they are the most loyal to the product part of the audience), is in itself extremely indicative. We cannot make people who use unsupported versions of the product on unsupported axes update - moreover, in their situation, the old PHP is most likely not the biggest problem. Sooner or later, these users will switch to new versions of Plesk, and then their sites will be accessible to our analytics.
')
Currently the latest versions of PHP are versions 7.1 and 7.2. They are actively supported by the manufacturer, which implies regular updates with bugfixes and fixes for detected vulnerabilities. Versions 5.6 and 7.0 are marked by the vendor as security fixes only - only critical security issues are fixed. Finally, PHP 5.4 and 5.5 are not supported in any form from 2016, their users are encouraged to switch to more recent versions as soon as possible in order to avoid possible problems with the security of sites. Let's take a look at how these recommendations are being followed and what users are most afraid of — update PHP or become a victim of another vulnerability.
At the beginning of March 2018, the ratio of PHP versions for all sites that have been sampled and working on Plesk looked like this:
As you can see, in general, things are not brilliant - the versions recommended by the vendor did not make it to the top - moreover, they were generally in the tail. The next logical question is: how does this picture differ from country to country? The largest countries where Plesk’s popularity is traditionally high are Germany, the United States and Spain. Let's start with them.
Germany is not in a hurry to update PHP - the top three in this country was formed by PHP 5.5 (33% of websites), PHP 5.6 (24%) and PHP 7.0 (13%). On recommended versions 7.1 and 7.2 only 8% of sites work.
At first glance, the United States may seem even more conservative. In the first place came PHP 5.4 (28%), but PHP 5.6 breathes in its back, a comparative share of which is higher than in Germany - 27%. Interestingly, the most popular in Germany, version 5.5 in the United States is used only on 7% of sites.
In Spain, everything is somewhat more cheerful: 36% of the sites work on PHP 5.6 - not the most recent, but at least the supported version. The second place is in PHP 5.4 (22%), the third is already traditionally behind version 7.0 (14%).
It is curious that in each of these three countries, the first place in the popularity rating belonged to different versions. This led us to the idea of ​​creating a summary table, where each country in the sample corresponds to the most popular version of PHP in it. The results are in front of you:
In the nomination "The most advanced country" Lithuania won - the most sites (38%) work on version 7.1! PHP 7.1 has not yet succeeded in repeating its success anywhere - in all other countries neither version 7.1 nor version 7.2 has risen above 4th place.
Next in the ranking of “advancement” are South Korea and Denmark, where the most popular version of PHP is 7.0 (51% and 34%, respectively). This version of PHP was in second place in the Netherlands (19%), Austria (17%) and the Czech Republic (13%), yielding only PHP 5.6 (by the way, as many as 65% of websites work in 5.6 in the Czech Republic).
What is happening in Russia? Alas, outdated and insecure PHP is a reality in our country. The championship with a large margin for PHP 5.4 (45%), a similar situation with Ukrainian sites (24%), but Belarus was more modern - in the first place PHP 5.6 (40%). In Kazakhstan, the first place is occupied by PHP 5.5 (32%).
Things are even worse in Japan and Greece - PHP 5.3 is leading there (30% and 37% of all sites, respectively). But China turned out to be the most conservative: 44% of the sites here work on PHP 4.4! This we have not met in any other country.
In total, 77% of sites operate on obsolete versions of PHP in China. According to this indicator, only Mexico is ahead of it - 78%. Russia is in third place (67% of sites), top 5 fans of old PHP are Kazakhstan (65%) and Japan (63%).
The rating of the most conscious countries with the largest share of sites in fresh PHP (5.6 and newer) is headed by South Korea - 85% of the sites. The Czech Republic ranks second (84%), Sweden takes the third place (83%), then the gap begins to grow - Iran ranks fourth (73%), Denmark - fifth (69%).
These statistics clearly indicate that it is too early to talk about the discontinuation of support for PHP versions 5.6 and not only in Russia. At the same time, as already mentioned at the beginning of the article, it is definitely worthwhile to gently push people in this direction. For its part, Plesk is trying to make the transition to the new PHP as comfortable and painless as possible. Warning about obsolete PHP, we do the following:
These steps are already beginning to bear fruit - a month while this article was being written, in the total sample for all countries, PHP 7.0 came out in third place, displacing PHP 5.5 from the top three. This means that we are going in the right direction - we hope that everyone else will move in the direction of a safe web'a with us. If you have any reasons why you prefer the old PHP to the new, please share them in the comments.
At the same time, we are aware that the risk of using outdated versions of PHP is not only poor performance and poor functionality, but also potential vulnerabilities that can arise at any time and cost the site owner very expensive. If you don’t push your clients to upgrade at least to PHP 5.6, then in the event of a vulnerability, for example, in PHP 5.2, thousands of sites may follow it and you will be accused of using unsafe software. Therefore, starting with the new version of Plesk Onyx 17.8, which was released in early March 2018, outdated versions of PHP are marked as Outdated in the interface.
We decided that we can completely stop supporting the old PHP by making sure that the percentage of sites working on it is negligible - in this case, this step will not cause frustration among an arbitrarily significant part of the user audience. To this end, we conducted a statistical study to determine which versions of PHP are most popular among Plesk users. His results are very curious, in our opinion, we want to share.
Information about which PHP sites of our clients work on, we began to analyze relatively recently. It compiles for the last two releases of Plesk Onyx and covers about 15% of the sites running on these versions of Plesk. The statistics did not include the old versions of Plesk, where, perhaps, the older PHP is used, but this does not seem to us a big problem. The information collected about the preferences of people using the latest versions of Plesk (which means that they are the most loyal to the product part of the audience), is in itself extremely indicative. We cannot make people who use unsupported versions of the product on unsupported axes update - moreover, in their situation, the old PHP is most likely not the biggest problem. Sooner or later, these users will switch to new versions of Plesk, and then their sites will be accessible to our analytics.
')
Currently the latest versions of PHP are versions 7.1 and 7.2. They are actively supported by the manufacturer, which implies regular updates with bugfixes and fixes for detected vulnerabilities. Versions 5.6 and 7.0 are marked by the vendor as security fixes only - only critical security issues are fixed. Finally, PHP 5.4 and 5.5 are not supported in any form from 2016, their users are encouraged to switch to more recent versions as soon as possible in order to avoid possible problems with the security of sites. Let's take a look at how these recommendations are being followed and what users are most afraid of — update PHP or become a victim of another vulnerability.
At the beginning of March 2018, the ratio of PHP versions for all sites that have been sampled and working on Plesk looked like this:
As you can see, in general, things are not brilliant - the versions recommended by the vendor did not make it to the top - moreover, they were generally in the tail. The next logical question is: how does this picture differ from country to country? The largest countries where Plesk’s popularity is traditionally high are Germany, the United States and Spain. Let's start with them.
Germany
Germany is not in a hurry to update PHP - the top three in this country was formed by PHP 5.5 (33% of websites), PHP 5.6 (24%) and PHP 7.0 (13%). On recommended versions 7.1 and 7.2 only 8% of sites work.
USA
At first glance, the United States may seem even more conservative. In the first place came PHP 5.4 (28%), but PHP 5.6 breathes in its back, a comparative share of which is higher than in Germany - 27%. Interestingly, the most popular in Germany, version 5.5 in the United States is used only on 7% of sites.
Spain
In Spain, everything is somewhat more cheerful: 36% of the sites work on PHP 5.6 - not the most recent, but at least the supported version. The second place is in PHP 5.4 (22%), the third is already traditionally behind version 7.0 (14%).
It is curious that in each of these three countries, the first place in the popularity rating belonged to different versions. This led us to the idea of ​​creating a summary table, where each country in the sample corresponds to the most popular version of PHP in it. The results are in front of you:
| Country | Most popular PHP version |
|---|---|
| Australia | 5.6 |
| Austria | 5.6 |
| Belarus | 5.6 |
| Brazil | 5.6 |
| Canada | 5.6 |
| China | 4.4 |
| Czech Republic | 5.6 |
| Denmark | 7.0 |
| Estonia | 5.6 |
| Finland | 5.3 |
| France | 5.6 |
| Germany | 5.5 |
| Great Britain | 5.6 |
| Greece | 5.3 |
| India | 5.4 |
| Iran | 5.6 |
| Italy | 5.6 |
| Japan | 5.3 |
| Kazakhstan | 5.5 |
| Korea | 7.0 |
| Latvia | 5.4 |
| Lithuania | 7.1 |
| Mexico | 5.4 |
| Netherlands | 5.6 |
| Norway | 5.6 |
| Poland | 5.6 |
| Romania | 5.6 |
| Russia | 5.4 |
| Spain | 5.6 |
| Sweden | 5.6 |
| Turkey | 5.4 |
| Ukraine | 5.4 |
| United States | 5.4 |
In the nomination "The most advanced country" Lithuania won - the most sites (38%) work on version 7.1! PHP 7.1 has not yet succeeded in repeating its success anywhere - in all other countries neither version 7.1 nor version 7.2 has risen above 4th place.
Next in the ranking of “advancement” are South Korea and Denmark, where the most popular version of PHP is 7.0 (51% and 34%, respectively). This version of PHP was in second place in the Netherlands (19%), Austria (17%) and the Czech Republic (13%), yielding only PHP 5.6 (by the way, as many as 65% of websites work in 5.6 in the Czech Republic).
What is happening in Russia? Alas, outdated and insecure PHP is a reality in our country. The championship with a large margin for PHP 5.4 (45%), a similar situation with Ukrainian sites (24%), but Belarus was more modern - in the first place PHP 5.6 (40%). In Kazakhstan, the first place is occupied by PHP 5.5 (32%).
Things are even worse in Japan and Greece - PHP 5.3 is leading there (30% and 37% of all sites, respectively). But China turned out to be the most conservative: 44% of the sites here work on PHP 4.4! This we have not met in any other country.
In total, 77% of sites operate on obsolete versions of PHP in China. According to this indicator, only Mexico is ahead of it - 78%. Russia is in third place (67% of sites), top 5 fans of old PHP are Kazakhstan (65%) and Japan (63%).
The rating of the most conscious countries with the largest share of sites in fresh PHP (5.6 and newer) is headed by South Korea - 85% of the sites. The Czech Republic ranks second (84%), Sweden takes the third place (83%), then the gap begins to grow - Iran ranks fourth (73%), Denmark - fifth (69%).
These statistics clearly indicate that it is too early to talk about the discontinuation of support for PHP versions 5.6 and not only in Russia. At the same time, as already mentioned at the beginning of the article, it is definitely worthwhile to gently push people in this direction. For its part, Plesk is trying to make the transition to the new PHP as comfortable and painless as possible. Warning about obsolete PHP, we do the following:
- we take into account in the default settings which PHP is supplied by the vendor of the operating system;
- if the OS vendor does not provide the most recent version of PHP, supplement the set of PHP handlers and provide a complete set, including old and new versions;
- on new installations, we offer the latest versions of PHP (but do not switch to them automatically when upgrading from old versions of Plesk, so as not to break the working sites).
These steps are already beginning to bear fruit - a month while this article was being written, in the total sample for all countries, PHP 7.0 came out in third place, displacing PHP 5.5 from the top three. This means that we are going in the right direction - we hope that everyone else will move in the direction of a safe web'a with us. If you have any reasons why you prefer the old PHP to the new, please share them in the comments.
Source: https://habr.com/ru/post/352408/
All Articles