Some might say that nothing lasts forever on the web. And that maybe change is the only constant. Favorite websites come and go, as do tools and technologies. Sure, there’s some truth to those statements – but it’s also more complicated.
You see, things don’t really go away so much as they fade into the background. The website that used to be buzzing with traffic might turn into a ghost town. And it’s just as likely that the technology behind that site is also sitting there collecting dust.
But it’s not just those old, unattended sites that have issues. There are also situations where a mission-critical website relies on outdated software. That could be anything from an abandoned WordPress plugin to an unsupported version of PHP.
It’s far from an ideal situation. And many potential problems can arise from sticking with these old standbys. Yet, it’s also the reality of the modern web. As quickly as new tech arrives to grab the spotlight, the old continues to lumber along in the shadows.
The problem is complex – and so are the potential solutions. Is it even possible to rid the web of these dinosaurs?
Why Do Websites Continue to Use Legacy Code?
When you picture a website that uses legacy code – what comes to mind? Maybe it’s a blog that hasn’t seen new content in a few years. Or a defunct online community. You might even think of a dormant business site.
The common thread of these examples is that they’re likely small and inexpensive (perhaps free) websites. Entities that are frozen in time.
Now consider a large enterprise site that is heavily customized. Maybe it includes bespoke functionality that enables customers to pay their bills. There could be a custom WordPress plugin that facilitates a specific workflow for team members.
Custom functionality is expensive and time-consuming to produce. And in some cases, it can be fragile. It might rely on a method or feature that isn’t supported in newer versions of its dependent software. For example, an application that was built for PHP 5 may no longer work in PHP 8.
And while a developer (or a team of them) can refactor the code – it’s not always easy or fits within a given budget. Much like the old stories of corporate users who kept Internet Explorer 6 around long after its time, legacy code can live on for years.
The bottom line is that outdated software very much remains in active use. That’s true at both the high and low ends of the scale.
Two Prime Examples: PHP and WordPress
Usage statistics change regularly – and they will undoubtedly shift after this article has been published. But two trends, in particular, are prime examples of outdated software in action: PHP and WordPress.
PHP 5 and 7 Are Still Out There
As of this writing, the latest version of PHP is 8.1. It was released in November 2021, and security updates are scheduled to end in November 2024. Version 8.0 was released in November 2020 (security updates end in November 2023). Version 7.4 was sent out into the world in November 2019 (security updates end in November 2022).
Thus, versions 8 and above have been with us for several years. Yet according to W3Techs’ PHP usage statistics, just over 6% of the sites surveyed are running PHP 8 or 8.1. Meanwhile, 70% are using some flavor of PHP 7, and nearly 23% are still running PHP 5 (which ended support in 2018).
The transition between major versions of PHP tends to be a slow one. That’s likely due in part to changes in compatibility. WordPress and its ecosystem, for example, have had a long road toward full support for PHP 8.
Plus, web hosts haven’t traditionally pushed customers too hard to upgrade (more on that in a bit). At the same time, website owners range from being unaware of PHP to not being overly concerned about upgrading.
In short: there has been little sense of urgency. Or, not enough of it to turn the tide and get more websites using the latest version.
WordPress 4 and 5 Live On
As we go to press (pun intended), WordPress 6.1 has been released. It’s the latest version of the most popular content management system (CMS) known to humankind.
And according to the W3Techs WordPress usage statistics, nearly 60% of surveyed sites are using version 6 or above. It’s significantly higher than the usage rates for PHP 8. That’s probably not too surprising, though.
By comparison, updating WordPress is easier and can even be automated. Site owners and those responsible for maintenance don’t necessarily have to lift a finger to upgrade. Managed hosting providers may also take care of it. And WordPress is known to value backward compatibility, so there’s less chance of a major issue occurring.
But outdated versions are still hanging in there. Version 5 powers 34% of installs, while over 6% of installs cling to version 4.
If there’s any good news, it’s that WordPress core continues to release security updates for several older versions of the software. Still, these sites lose out on new features and performance enhancements. Not to mention possible theme and plugin compatibility issues. Oh, and it’s unlikely they’ll work with the latest version of PHP.
It’s also worth noting that these statistics don’t account for websites running outdated or abandoned plugins and themes. That could be an entirely different galaxy worth exploring, yet just as relevant. This is where the majority of WordPress-related security issues originate.
Why This Is a Concern
The term “outdated software” can conjure up all sorts of nightmare visions. A person shopping online with an unpatched version of Windows XP comes to mind. It might work, but there are a lot of risks in continuing to use it.
Security is of paramount concern. It stands to reason that using a version of PHP that is no longer receiving security updates is a risk. Attacks that might be easily stopped with newer versions could do damage to a legacy setup.
Then there are issues of efficiency and performance. Outdated software that lacks these enhancements can negatively impact user experience, SEO, and energy consumption.
And the more outdated the software, the harder (and more expensive) it may be to get up to speed in the future. Each subsequent version can add obstacles to the process.
Some Web Hosts Are Forcing the Issue
Web hosts have a role to play in helping their customers implement new software. And some are becoming more aggressive in these efforts.
PHP has been a primary target. Some hosts will allow customers to continue running an unsupported version but have begun charging an extra fee. This could be a result of higher support costs for customers using outdated software. At the very least, it’s a way to convince users to upgrade.
Still, others have taken a more hardline stance. They’ll notify customers that use an outdated PHP version and provide them with a scheduled upgrade date. From there, the site is upgraded regardless of whether it has been tested or patched for the new version.
It remains to be seen how effective these measures will be. But cleaning up outdated software is a massive undertaking. Thus, someone must get the ball rolling. Hosts are well-positioned to do so.
Out with the Old?
At 30+ years old, the web has hosted an incalculable amount of software. Consider all the apps – large and small – that have been downloaded and installed on servers over time. It’s no wonder that some were left in place well past their expiration date.
Sometimes this legacy code sticks around out of necessity – other applications depend on it. But it might also happen simply because a site’s owner isn’t aware of the situation. No one may have approached them regarding an upgrade.
In either case, resources are what’s needed to increase modernization efforts. At the enterprise level, this means dedicated time and money to keep things evolving with newer versions.
On the lower rungs of the ladder, education is a key factor. Web hosts are starting to realize the importance of keeping customers informed. And web designers should do the same.
It starts by letting clients know where they stand, the dangers of using outdated software, and the benefits of upgrading. From there, they can make informed decisions.
No, a single upgraded site won’t change the world. But each is a tiny step towards a safer web that can take advantage of the latest technologies.