We Won’t Install PHP7 On Ubuntu 14.04 Servers
Several clients and people in the WordPress community can’t stop asking us if/when we are going to be offering PHP7 as part of our managed hosting services. Despite our sheer excitement over the newest versions of PHP, the answer, at least for the time being, is simply NOT YET, and this is due to our core values: speed, stability, security.
These three values are equal and affect each other greatly. While PHP7 has been proven without a doubt to be much faster than PHP 5.X (etc) — and even gives HHVM, the PHP alternative created by Facebook, a run for its money — ultimately this comes down purely to a question of stability and security.
As a “boutique” hosting provider, we do aim of course to offer certain features and technologies earlier and perhaps in a more flexible or effective way than many of the traditional “shared hosting companies” that are out there. That being said, at the end of the day we are responsible for our clients’ websites, and implementing PHP7 is not something we will be doing until later in the 2016 calendar year (sometime after Ubuntu 16.04 is released) for the following reasons:
1. PHP7 requires a third-party PPA. If you are not familiar with PPAs, they are non-official software repositories maintained by individuals and released to the public in regard to Ubuntu Linux. While this is a cool thing and encourages innovation, participation, and community, it also means that by using a PPA you are 100% putting your server into the hands of a single individual who has no contract or communication (etc) with you. Now, while this doesn’t necessarily mean your servers are at risk of malware or foul play, it does mean that if that person dies, disappears, or has any change of heart, you are completely on your own and out of luck when it comes to software support, updates, and security patches. In the case of PHP7 (and 5.6, etc) there is only one man in the world with a solid reputation for his repositories, and that is Ondrej Sury, a badass Czech dude who works for Debian, ICANN, and does a laundry list of other cool things for the internet.
2. PHP 5.5 (etc) are patched by Canonical for LTS. Now that the “end of life” cycle is near for PHP version 5.5, several bloggers are starting to spread panic about it as they desperately beg the interwebz to upgrade to PHP 5.6 or PHP7. Despite this happening year after year after year, apparently it is still grossly misunderstood by the web-dev community how exactly the Ubuntu release cycle works; specifically, when it comes to Ubuntu’s LTS (Long Term Support) releases of their operating system, the included software repositories are 100% backed, supported, and patched for security holes by Canonical, the private London-based corporation that maintains Ubuntu, for the entire life cycle of LTS releases. And besides, when a software such as PHP 5.5 has been around for as long as it has (nearly four years), it tends to have nearly every possible security hole already patched, meaning an insane amount of stability and security.
Note: if you are NOT using Ubuntu Linux, these great benefits may not apply to you, in which case… consider Ubuntu. :)
3. Opcache + CloudFlare are pretty damn good. As our LittleBizzy hosting clients already know, we already enable the Opcache feature across all of our client servers, which has been included in PHP by default since version 5.5. Opcache “caches” the bytecode involved in PHP, meaning that full parsing of a PHP file’s code is not necessary. This, along with the fact that our CloudFlare setup caches all static resources along with the HTML files generated by the free Comet Cache plugin, means that the added benefits involved with PHP7’s processing power are less of a concern for us (although still are definitely desirable, especially when it comes to the dynamic queries involved with WooCommerce, bbPress, etc).
4. Ubuntu 16.04 is right around the corner. Thanks to the amazing efforts of Canonical and their impressively organized releases and repositories, the newest LTS version of Ubuntu, 16.04, is going to be fully released around mid-2016; and, thanks to the efforts of Mr. Ondrej Sury (and others) who pushed hard for it, PHP7 will be included by default. What this means is that rather than needing to rely on third-party PPAs, all Ubuntu servers will be able to install and configure PHP7 automatically via default Ubuntu repositories, and with PHP7 being very new (released in December 2015), any security patches or other issues will be addressed directly by the repositories maintained by Canonical.
In conclusion, rather than messing around with PHP 5.6 (which has some backwards compatibility issues) or relying on a third-party PPA, we believe its much more responsible and will not hurt the performance of sites by a very noticeable margin (if at all) to simply wait for Ubuntu 16.04 LTS and the glorious arrival of PHP7 that accompanies it.