Andre Chun — Developer
Hailing from Hong Kong, Andre is the Michael Jordan of coding.
Making sure your Drupal is up to date is a good start but often people forget about keeping PHP up to date. PHP 5.3 has reached end of life and will no longer have any more security updates in July 2014. It is important to make sure your site is running on a supported version. Please note, it is also important to make sure all your server's other software are up to date (i.e. Apache/Nginx, MySQL, OS, etc...). Running any old unsupported software will leave you exposed. In this blog post I will mostly talk about the options you have for updating PHP.
The Drupal team recently decided to make Drupal 8 require PHP 5.4 or higher. If you are a developer or a web development shop that will be building sites in D8, you will need to make sure you have PHP 5.4 installed. Default Ubuntu 12.04 LTS and RedHat 6 or older do not use PHP 5.4 so you will need to upgrade.
Switch to PHP 5.4
If you currently have a D4/5/6/7 site, and you're running the site using PHP 5.4, your site(s) will probably have errors. Some errors will be easy to fix and some will be hard. If your site is on D7 and has the latest core and contrib modules then any error that comes up should be fairly easy to fix and patches are available in most cases. If the problem requires a lot of work especially when you have a D4/5/6 sites then you will have a few decisions to make. There is no definitive solution to this. It depends on your budget limitation, time and/or staff availability, and current server setup.
Here are your options:
1. Upgrade PHP to 5.4, stick with your existing version of Drupal and try to fix the errors.
2. Run multiple versions of PHP. Your old Drupal site will run on the existing version of PHP and if you add a new D8 site, run it on PHP 5.4 or higher.
3. Upgrade all of your old Drupal sites to Drupal 8 after a stable release is available.
4. If you want to add a new D8 site in addition to other old Drupal sites: Set up the D8 site on a different server with PHP 5.4. Leave your existing sites as it is.
PHP 5.5 is already out, should I use PHP 5.5 instead of 5.4?
At the time when this blog post is written, core
is still broken (edit: can get around it by disabling opcache) for PHP 5.5 . It is not as widely used as PHP 5.4 so there is probably still lots of undiscovered issues for PHP 5.5. I would use 5.4 for now.
If your site is currently on an unsupported version of Drupal and/or PHP and youâre wondering which option is best for your needs, feel free to contact us and we will give you our recommendation.
Edit: added "July" 2014 for PHP 5.3 no longer provide anymore security update, added link to PHP 5.5 opcode issue