The Web Has an Outdated Software Problem

Nov 21, 2022

Some might say that nothing lasts perpetually on the internet. And that perhaps change is the one constant. Favorite web sites come and go, as do tools and technologies. Sure, there’s some truth to those statements – however it’s also more complicated.

You see, things don’t really go away a lot as they fade into the background. The web site that was buzzing with traffic might turn right into a ghost town. And it’s just as likely that the technology behind that site can also be sitting there collecting dust.

But it surely’s not only those old, unattended sites which have issues. There are also situations where a mission-critical website relies on outdated software. That might be anything from an abandoned WordPress plugin to an unsupported version of PHP.

It’s removed from a perfect situation. And plenty of potential problems can arise from sticking with these old standbys. Yet, it’s also the truth of the trendy web. As quickly as recent tech arrives to grab the highlight, the old continues to lumber along within the shadows.

The issue is complex – and so are the potential solutions. Is it even possible to rid the net of those dinosaurs?

The Web Designer Toolbox

Unlimited Downloads: HTML & Bootstrap Templates, WordPress Themes & Plugins, and far, way more!

Why Do Web sites Proceed to Use Legacy Code?

Whenever you picture a web site that uses legacy code – what involves mind? Possibly it’s a blog that hasn’t seen recent content in a number of years. Or a defunct online community. You may even consider a dormant business site.

The common thread of those examples is that they’re likely small and cheap (perhaps free) web sites. Entities which can be frozen in time.

Now consider a big enterprise site that’s heavily customized. Possibly it includes bespoke functionality that permits customers to pay their bills. There might be a custom WordPress plugin that facilitates a selected workflow for team members.

Custom functionality is pricey and time-consuming to provide. And in some cases, it could actually be fragile. It’d depend on a technique or feature that isn’t supported in newer versions of its dependent software. For instance, an application that was built for PHP 5 may now not work in PHP 8.

And while a developer (or a team of them) can refactor the code – it’s not at all times easy or suits inside a given budget. Very similar to the old stories of corporate users who kept Web Explorer 6 around long after its time, legacy code can live to tell the tale for years.

The underside line is that outdated software very much stays in lively use. That’s true at each the high and low ends of the size.

Two Prime Examples: PHP and WordPress

Usage statistics change frequently – and they’re going to undoubtedly shift after this text has been published. But two trends, specifically, are prime examples of outdated software in motion: PHP and WordPress.

PHP 5 and seven Are Still Out There

As of this writing, the newest version of PHP is 8.1. It was released in November 2021, and security updates are scheduled to finish in November 2024. Version 8.0 was released in November 2020 (security updates end in November 2023). Version 7.4 was sent out into the world in November 2019 (security updates end in November 2022).

Thus, versions 8 and above have been with us for several years. Yet in line with W3Techs’ PHP usage statistics, just over 6% of the sites surveyed are running PHP 8 or 8.1. Meanwhile, 70% are using some flavor of PHP 7, and nearly 23% are still running PHP 5 (which ended support in 2018).

The transition between major versions of PHP tends to be a slow one. That’s likely due partially to changes in compatibility. WordPress and its ecosystem, for instance, have had an extended road toward full support for PHP 8.

Plus, web hosts haven’t traditionally pushed customers too hard to upgrade (more on that in a bit). At the identical time, website owners range from being unaware of PHP to not being overly concerned about upgrading.

Briefly: there was little sense of urgency. Or, not enough of it to show the tide and get more web sites using the newest version.

PHP 8 adoption has been slow, according to W3Techs.

PHP version statistics from W3Techs, as of November 2022

WordPress 4 and 5 Live On

As we go to press (pun intended), WordPress 6.1 has been released. It’s the newest version of the most well-liked content management system (CMS) known to humankind.

And in line with the W3Techs WordPress usage statistics, nearly 60% of surveyed sites are using version 6 or above. It’s significantly higher than the usage rates for PHP 8. That’s probably not too surprising, though.

By comparison, updating WordPress is less complicated and might even be automated. Site owners and people chargeable for maintenance don’t necessarily must lift a finger to upgrade. Managed hosting providers might also maintain it. And WordPress is thought to value backward compatibility, so there’s less likelihood of a serious issue occurring.

But outdated versions are still hanging in there. Version 5 powers 34% of installs, while over 6% of installs cling to version 4.

If there’s any excellent news, it’s that WordPress core continues to release security updates for several older versions of the software. Still, these sites lose out on recent features and performance enhancements. Not to say possible theme and plugin compatibility issues. Oh, and it’s unlikely they’ll work with the newest version of PHP.

It’s also price noting that these statistics don’t account for web sites running outdated or abandoned plugins and themes. That might be a completely different galaxy price exploring, yet just as relevant. That is where the vast majority of WordPress-related security issues originate.

 W3Techs notes that over 40% of WordPress installs are using versions 5 and below.

WordPress version statistics from W3Techs, as of November 2022

Why This Is a Concern

The term “outdated software” can conjure up all styles of nightmare visions. An individual shopping online with an unpatched version of Windows XP involves mind. It’d work, but there are numerous risks in continuing to make use of it.

Security is of paramount concern. It stands to reason that using a version of PHP that is not any longer receiving security updates is a risk. Attacks that could be easily stopped with newer versions could do damage to a legacy setup.

But so is employing an old JavaScript library or server utility with an open security flaw. Dependencies of all stripes could be dangerous, in spite of everything. The recent Log4j vulnerability is but one in every of many reminders.

Then there are problems with efficiency and performance. Outdated software that lacks these enhancements can negatively impact user experience, web optimization, and energy consumption.

And the more outdated the software, the harder (and costlier) it could be to get in control in the long run. Each subsequent version can add obstacles to the method.

Outdated software poses a security risk.

Some Web Hosts Are Forcing the Issue

Web hosts have a task to play in helping their customers implement recent software. And a few have gotten more aggressive in these efforts.

PHP has been a primary goal. Some hosts will allow customers to proceed running an unsupported version but have begun charging an additional fee. This might be a results of higher support costs for patrons using outdated software. On the very least, it’s a solution to persuade users to upgrade.

Still, others have taken a more hardline stance. They’ll notify customers that use an outdated PHP version and supply them with a scheduled upgrade date. From there, the location is upgraded no matter whether it has been tested or patched for the new edition.

It stays to be seen how effective these measures might be. But cleansing up outdated software is a large undertaking. Thus, someone must get the ball rolling. Hosts are well-positioned to achieve this.

 Web hosts are warning users that use outdated versions of PHP.

Out with the Old?

At 30+ years old, the net has hosted an incalculable amount of software. Consider all of the apps – large and small – which have been downloaded and installed on servers over time. It’s no wonder that some were left in place well past their expiration date.

Sometimes this legacy code sticks around out of necessity – other applications rely on it. But it surely may also occur just because a site’s owner isn’t aware of the situation. Nobody can have approached them regarding an upgrade.

In either case, resources are what’s needed to extend modernization efforts. On the enterprise level, this implies dedicated money and time to maintain things evolving with newer versions.

On the lower rungs of the ladder, education is a key factor. Web hosts are starting to appreciate the importance of keeping customers informed. And web designers should do the identical.

It starts by letting clients know where they stand, the risks of using outdated software, and the advantages of upgrading. From there, they will make informed decisions.

No, a single upgraded site won’t change the world. But each is a tiny step towards a safer web that may make the most of the newest technologies.