WordCamp Nordic : Getting Ready for PHP7.2

Do you have a zombie PHP on your site?

Today I gave a 12 minute lightning talk about getting ready for PHP7.2 in Helsinki for WordCamp Nordic.

I always upload my slides to SpeakerDeck but I have realised that the slides resources are not clickable.

So I’ve linked all the resources from links are listed below.


Slides

Resources

How WordPress is dropping PHP End of Life versions

I was writing the Site Health Check notes from the update meeting the group had at WCUS, and thought they might be useful for people outside the WordPress community too.

Some context

At the 2018 State of the Word, it was announced that WordPress was in the process of increasing the minimum supported version of PHP. This is great news as a PHP developer, but a task like this is not a simple feat.

Lots of work has been happening in the background for years. All the work has now allowed the project to be in a state where WordPress can drop PHP versions which already have EOL. The rest of this post will explain more about how the WordPress project is intending to roll this out.


Site Health Check Project review at WCUS 2018

The Site Health Check project is a collaborative multi-team project with a focus on encouraging better site maintenance.

This project benefits not just WordPress users, but also the surrounding PHP ecosystem as a whole. Our hope is that this will prompt a lot of PHP updates across the web.

It started as a project to focus efforts on getting users to update their hosting version of PHP from 5.2 to something where the End of Life has not already passed.

The project was initially called ServeHappy, homage to the BrowseHappy project which was a global tech effort to move away from Internet Explorer 6. The problem with the project name was that, when tested with users who did not know about the ins and outs of the project, the name was confusing and was not clear what the project’s intentions were.

The project is now known as the Site Health Check project. It encourages and hints to users that if they run a website, they should have a routine of checking and updating not just WordPress but underlying technologies that the site is built on. It also builds positive website ownership and habits.

The project is split into what can be considered 3 parts – changes to WordPress core itself, a site health check plugin and the site health check community support.

Upcoming changes to WordPress Core

The core-centric side of the project still reflects the Servehappy origins. This includes:

  • An information page on WordPress.org explaining the importance of updating PHP. The team has been working on improving the language used to benefit non technical people and have clear instructions of what to do if they find out their site is running an old version of PHP.
  • A dashboard notice that will inform users if their site is running on a PHP version that WordPress considers outdated and plans to drop support for in a future update.
    • The version shown in the dashboard is API-driven which means that WordPress leadership has a centralized “knob” to tune the PHP version distribution.
    • The dashboard includes a link to the previously mentioned information page on WordPress.org which has generic information on what the notice means and how to update PHP.

  • There will be an environment variable or a filter which allows hosting companies to modify the link to the “Update PHP” page on their servers so that it goes to something more relevant for their customers.
    • There are some concerns of security problems and abuse over the link redirection.

  • The team has been working on a feature to add white screen protection, which the hosting group felt was helpful and cool. The white screen protection catches any fatal errors that a PHP update might produce. From the front facing side of the website, the site will still be white screened, but with the protection in place, the user can still access the admin panel.

  • There was a discussion whether it would be better for the site to be slightly broken rather than completely broken, but the general consensus was that it is better to white screen because from the Core Team perspective, they cannot be sure of what the PHP error causes, and thus can’t be sure that all the information being shown is meant to be public.

    It is better to white screen the whole website but ensure that access to the admin panel is still accessible. Once logged in, there will be a general notification regarding the WSOD.

PHP minimum required headers

Plugins

For a while, WordPress plugins have been able to set a minimum PHP required comment as part of the plugin header. To date it has not done anything but set the intention that the plugin author is able to declare what PHP minimum version they are willing to support.

Work is being done so that the Add New Plugin admin screen will show all plugins a user searches for, but will not be able to install any plugins that require a newer version of PHP without updating that first. Another task being worked on is blocking plugin updates if the newer version requires a higher version of PHP, same as it currently works if the update requires a higher version of WordPress.

This gives plugin authors better control of what PHP versions they are willing to support, and will hopefully encourage people to upgrade their version of PHP at the same time.

This change will allow plugin authors the choice to use more modern PHP functionality and syntax without worrying their plugin will break for the end user.

Themes

For themes, the Requires PHP header is not implemented yet, as they didn’t have the same readme.txt file up until recently: https://make.wordpress.org/themes/2018/10/25/october-23rd-theme-review-team-meeting-summary/

Now that new themes do have that requirement, there is an expectation that the header will be implemented as well in the foreseeable future. Here’s a ticket for that: https://meta.trac.wordpress.org/ticket/3718

Relevant Trac Tickets

The latter two trac tickets are currently slated for 5.1 as well, planned for February 21: https://make.wordpress.org/core/5-1/

The feature merge deadline is January 10 though, so it needs to be discussed at the next #core-php meeting whether making it into 5.1 is still feasible.

A prerequisite for these changes is the WSOD protection that needs to be completed and committed by the deadline: https://core.trac.wordpress.org/ticket/44458

Join in

The group has weekly meetings on Mondays 16:00 UTC on in the #core-php channel of WordPress Slack.

GitHub: https://github.com/WordPress/servehappy

Site Health Check Plugin

The site health check plugin is a way for users to be able to see technical details of their website setup without going into the server side of things. It is useful to conducting top level investigation work without accessing the server directly.

The beta version of the plugin takes the best practices from the Hosting Team’s documentation and checks the server against that. This includes: WordPress version number, plugins and themes are up to date, PHP version number, if HTTPS is active across the whole site as well as a number of other things.

When Health Check gives notifications about upgrading things, it hands users off to plain English documentation to walk them through the process. For example: https://wordpress.org/support/update-php/. Notifications for plugins and themes being up to date are based on the version inside the plugin and theme repo. If a theme or plugin is not present in the repo, it will assume it is up to date and will not give an error.

Eventually, a lot of the Site Health Check plugin will be in core.

The Site Health Check Plugin uses a traffic light system to flag up the importance of a suggested change. The definition of critical vs non-critical update notifications is from a security perspective. If it is a security issue, it’s critical.

Early user testing with the community has shown that the plugin suffers from a lack of designer eye. During WCUS, we have had a designer volunteer to review the interface and give feedback.

This should help with the usability of the plugin and balance it between positive reinforcement of things that are set up as guided by best practices whilst not over-burdening people with extra technical information.

There is some useful documentation on how to use the Site Health Check Plugin: https://make.wordpress.org/support/handbook/appendix/troubleshooting-using-the-health-check/

Join in

– Github: https://github.com/wordpress/health-check

– WP.org : wordpress.org/plugins/health-check

Site Health Check Desks & Community Support

In-person support is invaluable. When a user is unsure of what to do, they can find in-person support at their local meetup and WordCamps. To omit any surprises, we can encourage our community to pre-warn and prepare as many people as possible.

The idea of Site Health Check desks has been tested in 3 different WordCamps and 1 meet-up with improvements and suggestions being fed back to the plugin and fliers.

Site Health Checks is an extension of the Happiness Bar, and by asking the simple question “Do you know what version of PHP your website is running?”, people either

  • Know & it is up to date – get a high-five. Thank them for keeping PHP up today and encourage them to keep up the good work. Pre-warn the next EOL of PHP Dates.
  • Know & it is out of date – highlight the EOL date has already passed and recommend they update their PHP version.
  • If they don’t know – check if they know how to check. If they do, suggest that they check and that they want it to be 7.2 or higher. 7.1 EOL is in a year.
  • If they don’t know, and don’t know how to check, invite them to sit down and the volunteers can help them check using the Site Health Check plugin. DO NOT scrape the site. They can end up being blocked off the servers.

Postcards were created with 5 core things to check. As well as printable table toppers. They are used as fliers for people to know where to download the site health check.

Meetup organisers have also shown an interest in running the site health check and promoting it at their meet-ups.

This is where much of the user testing of both the “Update PHP” information page and the Site Health Check plugin is happening.

Plugins and Themes Plans

Plugins and Themes served from WordPress.org can be automatically checked and updated to be compatible with 7.X. This is because there is access to the SVN where these plugins are being pushed from.

Ideally, plugin authors who have a plugin in the plugin repo will update their plugins to be compatible with PHP 7.X. There are already plugins such as the PHP Compatibility Checker which people can use to check how compatible their websites are with a version of PHP.

How are premium plugins and themes going to be handled?

The plugin team at WordPress.org can contact authors, but ultimately it is up to the plugin author to action the suggestions that are made from the WordPress.org team.

If there is no answer, or the author does not wish to fix errors, then this is a dead end.

Target Dates

WordPress 5.1  ->  ServeHappy notice + White Screen of Death protector

WordPress 5.2 ->  Site Health Check plugin

Where hosting companies come into play

We would like hosting companies to go aggressively, pushing their communities forward before WordPress does.

We know that, as a hosting company, many of you will see the same issues come up during a PHP update. It would be useful to the rest of the group if any information of any PHP errors that are being seen repeatedly and information about which plugin or theme is causing it. It will allow the rest of the team to prioritise which plugins and themes need attention to be fixed across the whole community.

It will also help the support team if any solutions are found to be shared, so that they know what to be suggesting in the forums. We may be able to add notices before a PHP update into the health check which highlights problematic plugins.

Hosts with PHP lower than 5.6 may see some initial notifications before that date.

Hosting company teams are most likely to know other people working in the hosting sector. Above all else – get the word out.  Big hosts are represented well here, but as a community we are aware and worried about the smaller, independent hosters. Talk to your hosting friends. Let them know this is coming. Invite the small hosting companies to join the Hosting Team on WordPress.org for up to date information of what is upcoming and will be effecting hosters.

The more we can update in batches the less burden there is across the whole industry.

Where plugin and theme authors come into play

If plugin and theme authors ensure that their plugins have a PHP minimum version set in their required header, then their plugins and themes will be ready once the PHP requirement is being enforced.

Plugin and theme authors should also ensure that their plugins are compatible with PHP 7.X. Tools such as PHP Code Sniffer (PHPCS) or the PHP Compatibility Checker as mentioned above should help.

Where developers come into play

(This section is not in the original notes)

There are many different skill sets amongst developers. Knowledge sharing and supporting each other getting plugins, themes and custom code PHP 7+ compatible is important. There are many resources already out there from when the PHP community was moving to PHP7+ but many of those resources have not been shared with the WordPress community.

Sharing those resources once again would be a great help to the whole community. We can learn from what has come before.

Actions from the meeting

– Ensure there is communication with the hosting team regarding release date plans.

–  #core-php should be cross posting ServeHappy notes to the Hosting P2 as well.

– WordPress.hosting has been taken, unsure by who. It would be handy to have WordPress.hosting symlink to Hosting Team P2 to help getting other hosting companies to join the Hosting Team

– Recommend that Hosting Team check and sync up the Best Practices documentation.

– Can someone from the hosting team please review and ensure that Health Check plugin is checking against everything that exists in the “Hosting Best Practices” doc.

– Recommended to Health Check plugin to check out Lighthouse plugin UI.

– Write up more in-depth info for meetup and WordCamp organisers, have postcard and table toppers online so they can be shared and translated easily.

Thanks

The effort to raise the minimum PHP version requirement of WordPress is a big cross- team effort. Big thanks to

It’s going to be ok – thoughts on WordPress 5.0

Morning! 5.0 is set to launch today.

It’s the release of hard work across the community-vocal & non vocal. Thank you for that hard work regardless in what format.

It means we can stop debating when the release is which will at least curb my anxiety.

I hope it means we can move forward and ship other improvements that are not Gutenberg related.

An upside is that it means Gutenberg codebase will be less violatile, which means we know what we are getting.

Another upside is that this is not a security release which means it will not trigger WordPress’s auto update. Which means ( I don’t believe I’m saying this ) you don’t need to update to 5.0 straight away. Do it when you are ready and comfortable.😀

I suspect once the release is out, many people will be blogging and writing tutorials of how to do stuff as we learn together.

Let’s make a conscious effort to make our tutorial and blog code examples show off accessible code. You know we’re going to be copying it. 😜

I haven’t fully kept up to date with the progress of core, because i have faith in the team. They are not concerned so I’m not. The HM team will have 100 paper copies of our Gutenberg white paper at , find a HM team member for a copy.

This WordPress release is not where I would have liked to have seen it or what I would have hopedto have invluded, but my focus has been elsewhere and I wasn’t the release lead.

Once Gutenberg has been shipped and is out of the limelight, we can get back to shipping other things. E.g. the Site Health Check project, which means we can encourage everyone to understand and continually update their version up to 7.1 and above.

Also means all the privacy teams work can go back in and I heard the multisite team have a bunch of improvements too.

I’m really grateful we’ve all been vocal about our concerns and many of us are excited by the new editor but dissatisfied with some of the process around it. Whether that’s the accessibility, HTML markup, the moving target date, the communication, the long form experience etc. People will learn from it. I’ve seen improvements, and there’s room for more improvements.

I’m excited by and other projects people have spun from all this. I think choice is great ( as long as it’s an open source choice ) Our sites and our content is our digital memories and we need to own these things rather than giving ownership to others.Open source allows us to own our own content. And that’s what I care about. The choice of open source CMS is ours and I look forward to a more colourful future of choices!

🌻🌻🌻🌻🌻🌻

A proposal for changing the WordPress versioning scheme

History

Currently, WordPress uses a incrementing numeric versioning system. XX.YY.ZZ could be read as ma.jor.patch which means version 4.8.1 can be read as version 48.1.

At the 2017 community summit, someone suggested that as WordPress project moves towards 5.0, that after 4.9 the versioning system should switch to semantic versioning by multiplying the versioning number by 10. This would mean the next version number after 4.9 woudl be version 50. The idea was shot down because if an end user is on 4.9 and then all of a sudden see the next version of WordPress was version 50; they would wonder where version 5-49 will freak out.

Proposal

I propose that at the point of 4.9 we switch to semantic-like versioning.

Semvar is designed to be

Given a version number MAJOR.MINOR.PATCH, increment the:

  • MAJOR version when you make incompatible API changes,
  • MINOR version when you add functionality in a backwards-compatible manner, and
  • PATCH version when you make backwards-compatible bug fixes.

Since WordPress has a don't break backwards compatiblity mentality, it would not make sense to follow the Semvar 2.0 spec.

Instead I propose something similar but in WordPress terms.

Given a version number MAJOR.MINOR.PATCH, increment the:

  • MAJOR – New Feature : when there is a major feature change,
  • MINOR – Bug Fixes : when you add scheduled bug fixes in a backwards-compatible manner, and
  • PATCH – Security : when you make security fixes in a backwards-compatible manner.

It would mean that 4.9 is a minor changes from 4.8 and does not require any major feature releases. It would also mean that until there is a major feature change, version numbers can keep increasing as minor updates. This would mean until the next major feature drop, bug fixes and gardening releases can be scheduled in a timely manner in versions 4.10.0, 4.11.0 etc release cycles.

It would also mean that we can wait till a large feature drop before upping the versioning number to 5.0 and then from then onwards any major feature drops or breaking changes can pulled into the next major versioning number.

Notes

  • After throwing this idea around with a few developers to see what the inital reaction would be, some developers have asked whether it would mean that we would never get to 5.0 because *major = breaking changes*. I disagree that a major release has to be a breaking change. From my understanding of semantic versioning methodology, we should be able to define what `major`, `minor` and `patch` means to the WordPress team and run with that.
  • I know this is a far-fetch idea that will not be popular with many people, but if we were ever going to switch versioning number, I think this is a realistic method of doing so. Doing it now would mean that we don’t have to wait till WP5.0 before any more minor releases come out.
  • I am sure there are many flaws in this idea that some people who are way more clued up with the WordPress versioning and rollout process can point out. Just remember its a proposal/ idea/ a dream. I’m ok with it staying just that.
  • WordPress is not the only popular piece of software not on Semvar and it seems to be developers who care about the software versioning system of the project.
  • If you want to read up more about different software versioning systems; Wikipedia is your friend.