After a discussion with the other project leaders, I’ve just posted guidelines for BP’s PHP version support policy. You can dig into that document for the gory details. For the purposes of this post, here’s a summary:
- BuddyPress promises full support for all versions of PHP supported by the PHP team (currently, 5.6.x and 7.0.x), and strongly encourages that all sites run a supported version
- BuddyPress supports certain legacy PHP versions, until the cost-benefit ratio for supporting a given version suggests that it should be dropped
Spelling out that second bullet point. At the beginning of each dev cycle, we’ll decide as a team whether to drop official support for any legacy versions for the following major version.
Currently, we’re starting the 2.7 dev cycle, which means we’re making decisions about 2.8. Here’s the decision:
BuddyPress 2.8 will require at least PHP 5.3.x.
Thanks in part to coordination between the WordPress core team and web hosts, PHP 5.2.x use has declined significantly over the last few years. The wordpress.org stats page tells part of this story. Under the assumption that a good portion of PHP 5.2 sites are old and unmaintained (and thus, from a practical point of view, unaffected by BP updates), the wordpress.org team provided us with some more specific numbers. Here’s a recent PHP version breakdown for sites running a version of BuddyPress greater than 2.0:
Unknown - 1.08% 5.2 - 3.23% 5.3 - 12.92% 5.4 - 34.44% 5.5 - 22.38% 5.6 - 23.02% 7.0 - 2.92%
The number of sites affected by dropping support for 5.2 is quite low, well below the informal 5% threshold sometimes mentioned by members of the WordPress and BuddyPress teams.
Coupled with these numbers is the recognition that PHP 5.3 introduced features that have a meaningful effect on our ability to write a modern PHP application: namespaces, closures, guaranteed access to SPL, late static binding, and so on. As BuddyPress aims to build a major new feature – a REST API – it frees us up significantly to be able to take advantage of these and other features unavailable in PHP 5.2.
Security and best practices
Why are we not bumping requirements all the way to PHP 5.6, the oldest version still receiving security updates? As indicated by the numbers above, this change would mean forcefully obsolescing nearly three quarters of all BuddyPress sites. For many (most?) people running BuddyPress, updating PHP is emphatically not a simple task. As such, we would simply lose these users, or cause them to stay on old and unsupported versions of BuddyPress. We support WP’s ongoing, progressive efforts to work with webhosts to move sites off of old versions of PHP.
It’s likely that anyone reading this site is already running a modern version of PHP on their sites and their client sites. But just in case: you are encouraged in the strongest possible terms to run a supported version of PHP.