PHP 7.4 reached end of life on November 28, 2022. PHP 8.0 followed on November 26, 2023. PHP 8.1 reached EOL on December 31, 2025.
PHP powers approximately 77% of all websites with a known server-side language. That makes EOL PHP versions one of the most widespread security risks in the entire web ecosystem. Right now, production servers running any of these versions receive zero security patches, zero CVE fixes, zero official support.
Complete PHP EOL Schedule
| Version | Released | End of Life | Status | EOL Risk Score |
|---|---|---|---|---|
| PHP 7.2 | Nov 2017 | Nov 30, 2020 | 🔴 EOL | 95 Critical |
| PHP 7.3 | Dec 2018 | Dec 6, 2021 | 🔴 EOL | 92 Critical |
| PHP 7.4 | Nov 2019 | Nov 28, 2022 | 🔴 EOL | 90 Critical |
| PHP 8.0 | Nov 2020 | Nov 26, 2023 | 🔴 EOL | 85 Critical |
| PHP 8.1 | Nov 2021 | Dec 31, 2025 | 🔴 EOL | 72 Critical |
| PHP 8.2 | Dec 2022 | Dec 31, 2026 | ⚠️ EOL in 7 months | 38 Medium |
| PHP 8.3 | Nov 2023 | Nov 23, 2027 | ✅ Active | 22 Low |
| PHP 8.4 | Nov 2024 | Nov 22, 2028 | ✅ Latest | 15 Low |
⚠️ PHP 7.4, 8.0, and 8.1 are all currently EOL. PHP 8.3 and 8.4 are the only supported versions. PHP 8.2 hits EOL December 31, 2026 — 7 months away.
PHP 7.4 - End of Life November 28, 2022
PHP 7.4 has been EOL for over three years. It's still the most searched PHP EOL query — and for good reason.
PHP 7.4 was the last version in the PHP 7.x line and the last version compatible with older hosting environments. Many shared hosting providers kept PHP 7.4 as their default long after EOL because upgrading to PHP 8.x introduced breaking changes. The result: millions of production servers still running an unpatched PHP version three years past EOL.
The WordPress problem: Many WordPress hosts defaulted to PHP 7.4 for years. Running WordPress on PHP 7.4 means your entire application runs on an unpatched runtime with no security fixes since November 2022.
Migration path to PHP 8.3:
- Skip 8.0 and 8.1 — both EOL. Skip 8.2 — EOL in 7 months. Go straight to 8.3.
- Run
php -lon your codebase to catch syntax errors first - Use Rector to automatically upgrade PHP syntax
- Check all Composer packages:
composer outdated - Enable
error_reporting(E_ALL | E_DEPRECATED)— every deprecation is a potential fatal error in 8.x
PHP 8.0 - End of Life November 26, 2023
PHP 8.0 has been EOL for over 18 months. It was a landmark release — JIT compilation, named arguments, union types, match expressions. Many teams upgraded from 7.4 to 8.0 and then stayed there.
If you upgraded to 8.0 to escape PHP 7.x and never went further — you're EOL again. The migration from 8.0 to 8.3 is significantly easier than 7.4 to 8.x was.
PHP 8.1 - End of Life December 31, 2025
PHP 8.1 reached EOL less than five months ago. It introduced fibers, enums, readonly properties, and intersection types. Many teams are still running 8.1 thinking they have more time. They don't.
The migration from 8.1 to 8.3 is the shortest jump available — same core architecture, mostly Composer dependency updates and minor deprecation fixes.
PHP 8.2 - EOL December 31, 2026
PHP 8.2 reaches EOL in 7 months. If you're on 8.2, start planning the 8.3 migration now — especially if you're on shared hosting where PHP version upgrades depend on your provider's timeline, not yours.
PHP 8.3 - Current Stable
PHP 8.3 is the recommended production version. Supported until November 23, 2027. This is where every production PHP deployment should be today.
How to Migrate Safely - 6 Steps
Step 1 - Check your version
php -v
On shared hosting check your control panel's PHP selector.
Step 2 - Audit dependencies
composer outdated
Check every package for PHP 8.3 compatibility.
Step 3 - Run static analysis
composer require --dev phpstan/phpstan
./vendor/bin/phpstan analyse src --level=5
Step 4 - Fix deprecations
Enable error_reporting(E_ALL | E_DEPRECATED) in development. Every deprecation notice is a future fatal error.
Step 5 - Test on PHP 8.3 in staging
Full test suite on 8.3 before touching production. Monitor error logs for 24 hours.
Step 6 - Update your hosting
- Shared hosting: use your control panel PHP selector
- Docker:
FROM php:8.1-fpm→FROM php:8.3-fpm - VPS:
apt install php8.3-fpmor equivalent
EOL Risk Score Summary
| Version | Score | Band |
|---|---|---|
| PHP 7.4 | 90 | 🔴 Critical |
| PHP 8.0 | 85 | 🔴 Critical |
| PHP 8.1 | 72 | 🔴 Critical |
| PHP 8.2 | 38 | 🟡 Medium |
| PHP 8.3 | 22 | 🟢 Low |
| PHP 8.4 | 15 | 🟢 Low |
PHP has appeared repeatedly in the CISA Known Exploited Vulnerabilities catalog. EOL PHP versions will never receive patches for newly discovered exploits.
Check Your Full Stack
PHP runtime EOL is one piece of the puzzle. Your Composer packages, frameworks (Laravel, Symfony, WordPress), and OS runtime each have their own end-of-life dates.
Use the free EOL Checker or Stack Scanner at endoflife.ai to audit your entire dependency tree - no account required.
This article is part of The EOL Intelligence Report series. EOL dates sourced from endoflife.date, PHP Group official documentation, and CISA KEV Catalog.
Top comments (0)