Some might say that nothing lasts forever on the web. And change may be the only constant change. Favorite websites come and go, as do tools and technologies. Sure, there’s some truth to those statements – but it’s also more complicated.
You see, things never really go away as long as they go in the background. The website that used to be redeemed with traffic may be a ghost town. And it’s just as likely that the technology behind that site is also sitting there gathering dust.
But it’s not just those old, unserved sites that have problems. There are also cases where a mission-critical website relies on outdated software. That could be anything from an abandoned WordPress plugin to an unsupported version of PHP.
It is far from an ideal situation. And there are many problems that can arise from sticking to these old standbys. But, it is also the reality of the modern web. As fast as the new technology comes to get the spotlight, the old continues to get stuck in the shadows.
The problem is complex – and so are the possible solutions. Is it even possible to get rid of the web of these dinosaurs?
Why Do Websites Continue to Use Legacy Code?
When you picture a website that uses legacy code – what comes to mind? Maybe it’s a blog that hasn’t seen new content in a few years. Or a deficient online community. You could even consider a dormant business site.
The common thread of these examples is that they are probably small and inexpensive websites (perhaps free). Entities frozen in time.
Now consider a large, heavily customized enterprise site. It may include custom functionality that enables customers to pay their bills. It could be a custom WordPress plugin that facilitates a specific workflow for your team members.
Custom functionality is expensive and time consuming to produce. And in some cases, it can be fragile. It may depend on a method or feature that is not supported in newer versions of its dependent software. For example, an application built for PHP 5 may no longer work in PHP 8.
And while a developer (or a team of them) can refactor the code – it’s not always easy or within a given budget. Like the old stories of corporate users who kept Internet Explorer 6 around long after time, legacy code can last for years.
The bottom line is that outdated software is still in active use. That is true at both the high and low ends of the scale.
Two Main Examples: PHP and WordPress
Usage statistics change regularly – and will undoubtedly change after this article is published. But two trends, in particular, are prime examples of outdated software in action: PHP and WordPress.
Is PHP 5 and 7 still out there
As of this writing, the latest version of PHP is 8.1. It was released in November 2021, and security updates are scheduled to end in November 2024. Version 8.0 was released in November 2020 (security updates end in November 2023). Version 7.4 was released worldwide in November 2019 (security updates are completed in November 2022).
So, versions 8 and above have been with us for several years. But according to W3Techs PHP usage statistics, just over 6% of sites surveyed are running PHP 8 or 8.1. Meanwhile, 70% are using some flavor of PHP 7, and nearly 23% are still running PHP 5 (which ended support in 2018).
The transition between major versions of PHP is usually slow. That’s probably due in part to compatibility changes. WordPress and its ecosystem, for example, had a long road to full support for PHP 8.
Additionally, web hosts have traditionally not pushed customers too hard to upgrade (more on that in a bit). At the same time, website owners range from being ignorant of PHP to not worrying too much about upgrading.
In short: there was little urgency. Or, it’s not enough to turn the tide and get more websites using the latest version.
PHP version statistics from W3Techs, as of November 2022
WordPress 4 and 5 Live On
As we go to press (pun intended), WordPress 6.1 has been released. It is the latest version of the most popular content management system (CMS) known to mankind.
And according to W3Techs WordPress usage statistics, nearly 60% of surveyed sites are using version 6 or higher. It’s much higher than the usage rates for PHP 8. That’s probably not too surprising, though.
In comparison, updating WordPress is easier and can even be automated. Site owners and those responsible for maintenance don’t have to lift a finger to upgrade. Managed hosting providers can also take care of it. And WordPress is known to value backward compatibility, so a major problem is less likely to occur.
But outdated versions are still hanging in there. Version 5 powers 34% of installations, while over 6% of installations adhere to version 4.
If there is any good news, it is that WordPress core continues to release security updates for some older versions of the software. However, these sites miss out on new features and performance improvements. Not to mention potential theme and plugin compatibility issues. Oh, and they’re unlikely to work with the latest version of PHP.
It is also worth noting that these statistics do not account for websites with outdated or abandoned plugins and themes. That could be a whole different galaxy worth exploring, but just as relevant. This is where most of the security issues related to WordPress come from.
WordPress version statistics from W3Techs, as of November 2022
Why This Is a Concern
The term “outdated software” can conjure up all kinds of nightmares. Someone shopping online with a patchless version of Windows XP comes to mind. It may work, but there are many risks involved in continuing to use it.
Security is paramount. This is because a version of PHP that is no longer receiving security updates is a risk. Attacks that could be easily stopped with newer versions could damage a legacy setup.
But so is employing an old JavaScript library or server utility that has an open security flaw. Dependencies of all stripes can be dangerous, after all. The recent Log4j vulnerability is just one of many reminders.
Then there are efficiency and performance issues. Outdated software that lacks these improvements can negatively impact user experience, SEO and energy consumption.
And the more out of date the software is, the more difficult (and more expensive) it could be to stay up to speed in the future. Each subsequent version can add obstacles to the process.
Some Web Hosts are Experiencing the Issue
A web host has a role to play in helping their customers implement new software. And some are becoming more aggressive in these efforts.
PHP was the main target. Some hosts will allow customers to continue running an unsupported version but have started charging an extra fee. This may result in higher support costs for customers using outdated software. At the very least, it’s a way to convince users to upgrade.
Still, others have taken a harder line. They will notify customers using an outdated PHP version and give them a scheduled upgrade date. From there, the site is upgraded regardless of whether or not it has been patched for the new version.
It remains to be seen how effective these measures will be. But cleaning up outdated software is a huge undertaking. So, someone needs to get the ball rolling. The hosts are able to do that.
Out with the Old?
At 30+ years old, there is an incalculable amount of software hosted on the web. Think of all the apps – big and small – that have been downloaded and installed on servers over time. No wonder some of them were left in place well past their expiration date.
Sometimes this legacy code is not needed – other applications depend on it. But it could also happen simply because the site owner is not aware of the situation. It may be that no one has contacted them regarding an upgrade.
In either case, they are the resources needed to increase modernization efforts. At the enterprise level, this means dedicated time and money to keep things evolving with newer versions.
On the lower rungs of the ladder, education is a key factor. Web hosts are beginning to understand the importance of keeping customers informed. And web designers should do the same.
It starts by informing clients where they stand, the dangers of using outdated software, and the benefits of upgrading. From there, they can make informed decisions.
One upgraded site won’t change the world. But each is a tiny step towards a safer web that can take advantage of the latest technologies.
