WPupdatePHP is a project by Coen Jacobs to evangelize the need for people to use modern PHP versions for their WordPress installs. It’s both a website and a script people can include in their plugins, to function like BrowseHappy does.
Coen hasn’t really announced this project officially that I know of, but I did talk to him about it the first week in January. At that time, I brought up some of my concerns on Skype, which I’ll list here verbatim:
- The core team is pretty adamant that this is a host issue not a user issue. Not that that should prevent non-official entities from doing whatever they want
- This is too developer-y with the content. Need to be uber basic for users.
- I’d make sure to highlight you aren’t affiliated w/ either PHP or WP in an official capacity.
Coen disagrees with point #1. He does say, however, that he’s recommending WPupdatePHP be used for new plugins, not existing ones.
For my second point that the site is too developer centric, he built a landing page to address it. I still think it misses the mark.
Third, though he now highlights that he’s not affiliated with PHP, I believe Coen’s project is a pretty direct violation of the PHP license.
3. The name “PHP” must not be used to endorse or promote products from this software without prior written permission. For written permission, please contact [email protected].
That’s from the 3.01 version of the license, as shown on Wikipedia. While Coen’s project isn’t commercial, I think it’s still not compatible. I believe the PHP Group does protect this part of the license, as I recall it being the reason PHPurchase rebranded to Cart66, which I wrote about in 2011.
I think Coen’s intentions are good, but WPupdatePHP misses the mark. I agree with the core team that this issue should be tackled at the host level — and not with mandates, but with relationships and education. From there, the hosts can work on ways to educate their users for the benefits of updating.
For managed hosting environments, hosts can update their users without opt-in, but a large host made an interesting point to me recently that they didn’t feel it was right to force upgrades on non-managed clients, where the upgrades were certain to break some software applications.
I don’t know that I agree with that either; perhaps there is a middle ground. Anyway, I don’t think nagging users with a script like this will move the needle.
This is a very cool looking tool that I will have to checkout. At CalderaWP we are tackling this issue since our plugins do not support 5.2. We built in a check that throws and admin notice or bootstraps the plugin, based on a version compare of PHP version and we also put a notice on our checkout page about it. We will see how it goes.
I strongly disagree with the core team that this is not a user issue and think that is a condescending attitude. Sure, not every user knows what the problem with PHP 5.2 and 5.3 is, but it’s a super simple education step: “Upgrading to the latest version of PHP that has not reached end of life, 5.4 or later will make your site faster and more secure. Please contact your hosting provider or system administrator if you do not know how to do this.” is all it takes.
There was a version of Pods recently that broke backwards compat with 5.2 an anonymous function. We fixed it with a maintenance release. Before we got that update out, we talked to several users of sites that broke when they updated Pods. Everyone was actually really to find out that they could get better performance and security with a few clicks in cPanel.
Right now hosts have no motivation to address this issue. If the next update to WordPress gave users on EOLed version of PHP an admin notice informing them that their version of PHP was not only out of date, slow & insecure, but that the next version of WordPress would not support it, than hosts would be getting a lot of motivation from paying customers to fix the problem. And since they would know this was coming in advance, smart hosts would be proactive about it.
Last thing before : Not sure anyone noticed but, Nacin updated the PHP and MYSQL requirements on https://wordpress.org/about/requirements/ and in the WordPress readme to include “recommended versions.” It’s a step in the right direction. The related Slack log and meta trac tickets actually show some fun #wpdrama, with a happy results.