PHP version is the most consequential performance and security decision on a WordPress site. PHP 8.2 runs the same code 30-40% faster than PHP 7.4 - with zero code changes. That is as close to a free lunch as performance gets. Older versions are also unmaintained: PHP 7.4 hit EOL November 2022, PHP 8.0 in 2023, PHP 8.1 in 2025. Running EOL PHP is a direct security exposure - independent of WordPress itself.
Why this matters
The 7.4 → 8.2 jump on WordPress: TTFB drops 30-40%. An admin page that took 1.2s drops to 800ms; an admin-ajax that took 400ms drops to 250ms. All before any caching layer. The reason: PHP 8 introduced JIT (Just-In-Time) compilation - automatic runtime optimization of hot paths. Plus opcode resolution improvements, named arguments, and attributes - the language just runs faster.
Security: PHP 7.4 and 8.0 no longer receive CVE patches. Any vulnerability discovered after EOL stays open forever on your site. Attackers scan the internet for EOL versions because they know patches are missing. Many compliance frameworks (PCI-DSS) require a supported PHP.
Since WordPress 6.3, core technically supports PHP 7.4 but recommends 8.0+. By 2024 most popular plugins dropped 7.4. A site stuck on 7.4 keeps colliding with plugins that refuse to update.
How to detect
Tools > Site Health > Info > Server shows the current "PHP version". Anything 7.4/8.0/8.1 needs an upgrade. Via WP-CLI: wp eval 'echo PHP_VERSION;' or simply php -v. Site Health also raises a warning when the version is unsupported.
How to fix
Step 1: back up. Files + database. Never upgrade without one.
Step 2: scan for plugin compatibility. Run WP Engine's "PHP Compatibility Checker" - it reports warnings statically. Pay attention to plugins untouched for 2-3 years and to bespoke themes.
Step 3: if available, test on staging. Most managed hosts include free staging. Upgrade there, browse every important page, and exercise admin: post editor, settings, bulk actions.
Step 4: upgrade in production. cPanel: "Select PHP Version" or "MultiPHP Manager". Plesk: Domain > PHP Settings. Hostinger/SiteGround offer dedicated panels.
Step 5: choose 8.2 or 8.3. PHP 8.4 (released November 2024) is stable but plugin compatibility is still maturing. 8.2 is the safe production default for 2026.
Step 6: reload the site immediately. Verify homepage, a sample product or post, contact page, checkout (if WooCommerce). Then verify wp-admin: new post, settings, plugins.
If something breaks, check wp-content/debug.log. The usual cause is an old plugin with PHP 8-incompatible syntax (e.g., the removed each()). Update the plugin or replace it. As a last resort, temporarily revert to 7.4 and plan replacement.
Common mistakes
Mistake one: upgrading without a backup. If anything breaks there is no rollback. Mistake two: skipping staging. A plugin may run technically but flood debug.log with warnings until it hits 50MB. Mistake three: jumping straight to 8.4 - some hosts do not yet support it, and some plugins are still catching up. 8.2 is the conservative choice. Mistake four: forgetting to update WP_PHP_MIN in wp-config if you set it manually.
Verifying the fix
Site Health should show PHP 8.2+. Lighthouse TTFB should drop 100-300ms. Watch debug.log for 24 hours - no new warnings means the upgrade landed cleanly. Click through every important page type. With WooCommerce, complete a test order end to end.