> While WordPress still supports PHP5, the PHP project continues to evolve. PHP 7.2 was recently released and while it is not a huge update like PHP 7.0 was, but there are some interesting new feature and there are some important deprecations you should be aware of.
> The latest updates to PHP version 7 include important security improvements, performance enhancements, and exciting new features.
> Libsodium is Part of the Core
The application-layer cryptography library Libsodium is now part of the core in PHP 7.2. Previously, the library was made available through PECL, another recursive acronym meaning “PHP Extension Community Library.” The inclusion of Libsodium makes PHP the first programming language to add modern cryptography to its standard library. This ensures the cross-platform and cross-language library enables encryption, decryption, signatures, password hashing, and much more.
Argon 2 is an award-winning hashing algorithm. It won the 2015 Password Hashing Competition, bringing a secure alternative to the Bcrypt algorithm on the previous version of PHP. It is designed for the highest memory filling rate and effective use multiple computing units while still providing defense against tradeoff attacks. Bcrypt only allows for one cost factor, whereas Argon 2 takes three cost factors: memory cost, time cost, and parallelism factor. The memory cost factor defines the number of KiB that should be consumed during hashing, while the time cost defines the number of iterations of the hashtag algorithm. The parallelism factor sets the number of parallel threads that will be used during the hashtag.
According to benchmarks from Phoronix, PHP 7.2 runs 13% faster than 7.1 and 20% faster than 7.0. It’s 250% faster than PHP 5.6, which over 40% of WordPress users still have not updated from. Other tests support these findings. Official PHP benchmarks demonstrate that PHP 7 is twice as fast as 5.6 with half the latency, while Kinsta’s benchmarks show it to be three times as fast.
PHP 7.0 reached the end of its security support on December 3rd, 2017. Critical support will still be available through the end of 2018, but the PHP community no longer provides support for bugs or minor issues. PHP 7.1 will follow suit on December 1st, 2018. Upgrading to 7.2 ensures the latest security updates are supported continuously by the community.
With vital security updates, Libsodium in the core, and vastly improved performance features migrating from older versions of PHP to PHP 7.2 is an easy and important update