DEVOPSdigest

The latest annual PHP Landscape report from Zend by Perforce provides insight into how PHP is being deployed and used, and also examines challenges such as managing end of life EOL software, and scrutiny of the 572 global respondents' concerns around and plans for security and compliance.

For example, respondents were asked about their confidence that their PHP applications are secure. On average, over half are very confident, 27% saying they are somewhat confident and just over 18% saying they are extremely confident. Only 1% are not at all confident.

Respondents were also asked to share their top app security tactics. On a scale of one to five, implementing strong authentication and access controls came out on top (4.38), closely followed by implementing and enforcing secure coding practices (4.35) and regularly applying security patches and updates in application dependencies (4.2). Monitoring and logging application activities for security incidents was rated at 3.99, with the fifth most popular tactical security measure being performing automated security scanning and testing (3.52).

Regulatory Requirements

The need to adhere to regulatory or industry requirements was noted by just under 55%, with the most prevalent being GPDR at almost 70% (with that figure rising to 95% in the UK and Europe and dropping to 45% in the US), followed by ISO27001, PCI DSS and internal compliance standards (each around 20%). In addition, approximately a quarter of UK and European PHP users mentioned the EU e-privacy directive.

When asked how well all global respondents are doing in meeting all their various compliance and regulatory needs, the majority are confidence: 57% very confident, 17% extremely confident, and 22% somewhat confident. Those not at all confident accounted for a mere 0.39%.

End of Life

PHP professionals also shared which versions of PHP they use, with an average of 2.43 different ones. The majority have completed one migration during the previous 12 months and almost 70% are planning another during 2024. PHP 8.2 was the most used version, at just over 57%, followed by PHP 9.1 (almost 54%), PHP 8 (46%), and PHP 7.4 (almost 48%). Even older versions are still in action.

That almost 55% are still working with at least one end-of-life (EOL) PHP version is a cause for concern since EOL software — if not supported — presents a genuine security risk. Among teams that indicated a lack of confidence in their PHP applications' security, over 70% also use EOL versions. While a significant risk, this deferring migration is understandable, though clearly not recommended. Migration takes effort and brings its challenges, with the top two migration pain points being refactoring and testing, each of these mentioned by approximately 37%.

Insight into PHP's Usage

Respondents were also asked about what types of PHP apps they build or deploy, and the answers varied, reflecting the diversity and flexibility of PHP's uses. Services or APIs took the top spot at 78%, followed by internal business applications at just over 64%. Content management was cited by 45%, e-commerce by just under 36%, and CRM/ERM and mobile backends were both mentioned by just under 30% of users.

Respondents were also asked what types of systems their PHP applications integrate with, and unsurprisingly, almost 95% quoted relational databases. Web APIs were the next most common selection, at just under 80%, with file systems taking third place at 70%. In addition, other categories, such as key-value storage, search services, and cache services, continued their year-on-year growth.

Where users deploy their PHP applications varies, and they may have several destinations. There is a fairly even split between cloud and on-premise, with the latter at just under 50%. That figure rises for larger organizations (64%) compared to just over 45% for smaller companies. This is a reversal of the report's findings in the past few years, indicating that many are returning on-premises.

Top Priorities

The survey also looked at users' PHP priorities. Over 42% spend three-quarters of their time developing new features and a quarter on application maintenance. A further 28% split their time fairly evenly between maintenance and feature development. Overall, the survey found that around 85% are spending their time developing new features. While this is encouraging, reducing their maintenance and migration burden in the future could make even better use of their capacity and skills.

Regardless, the report's finding make it clear that without doubt PHP is alive and kicking and, despite some challenges — including security, compliance and EoL software — it continues to evolve and mature, earning its place across multiple areas within today's organizations.