The PHP Landscape in 2024 - and the Growing Need to Consider Security and Compliance
July 09, 2024

Stephen Feloney
Perforce Software

The latest annual PHP Landscape report from Zend by Perforce provides insight into how PHP is being deployed and used, and also examines challenges such as managing end of life EOL software, and scrutiny of the 572 global respondents' concerns around and plans for security and compliance.

For example, respondents were asked about their confidence that their PHP applications are secure. On average, over half are very confident, 27% saying they are somewhat confident and just over 18% saying they are extremely confident. Only 1% are not at all confident.

Respondents were also asked to share their top app security tactics. On a scale of one to five, implementing strong authentication and access controls came out on top (4.38), closely followed by implementing and enforcing secure coding practices (4.35) and regularly applying security patches and updates in application dependencies (4.2). Monitoring and logging application activities for security incidents was rated at 3.99, with the fifth most popular tactical security measure being performing automated security scanning and testing (3.52).

Regulatory Requirements

The need to adhere to regulatory or industry requirements was noted by just under 55%, with the most prevalent being GPDR at almost 70% (with that figure rising to 95% in the UK and Europe and dropping to 45% in the US), followed by ISO27001, PCI DSS and internal compliance standards (each around 20%). In addition, approximately a quarter of UK and European PHP users mentioned the EU e-privacy directive.

When asked how well all global respondents are doing in meeting all their various compliance and regulatory needs, the majority are confidence: 57% very confident, 17% extremely confident, and 22% somewhat confident. Those not at all confident accounted for a mere 0.39%.

End of Life

PHP professionals also shared which versions of PHP they use, with an average of 2.43 different ones. The majority have completed one migration during the previous 12 months and almost 70% are planning another during 2024. PHP 8.2 was the most used version, at just over 57%, followed by PHP 9.1 (almost 54%), PHP 8 (46%), and PHP 7.4 (almost 48%). Even older versions are still in action.

That almost 55% are still working with at least one end-of-life (EOL) PHP version is a cause for concern since EOL software — if not supported — presents a genuine security risk. Among teams that indicated a lack of confidence in their PHP applications' security, over 70% also use EOL versions. While a significant risk, this deferring migration is understandable, though clearly not recommended. Migration takes effort and brings its challenges, with the top two migration pain points being refactoring and testing, each of these mentioned by approximately 37%.

Insight into PHP's Usage

Respondents were also asked about what types of PHP apps they build or deploy, and the answers varied, reflecting the diversity and flexibility of PHP's uses. Services or APIs took the top spot at 78%, followed by internal business applications at just over 64%. Content management was cited by 45%, e-commerce by just under 36%, and CRM/ERM and mobile backends were both mentioned by just under 30% of users.

Respondents were also asked what types of systems their PHP applications integrate with, and unsurprisingly, almost 95% quoted relational databases. Web APIs were the next most common selection, at just under 80%, with file systems taking third place at 70%. In addition, other categories, such as key-value storage, search services, and cache services, continued their year-on-year growth.

Where users deploy their PHP applications varies, and they may have several destinations. There is a fairly even split between cloud and on-premise, with the latter at just under 50%. That figure rises for larger organizations (64%) compared to just over 45% for smaller companies. This is a reversal of the report's findings in the past few years, indicating that many are returning on-premises.

Top Priorities

The survey also looked at users' PHP priorities. Over 42% spend three-quarters of their time developing new features and a quarter on application maintenance. A further 28% split their time fairly evenly between maintenance and feature development. Overall, the survey found that around 85% are spending their time developing new features. While this is encouraging, reducing their maintenance and migration burden in the future could make even better use of their capacity and skills.

Regardless, the report's finding make it clear that without doubt PHP is alive and kicking and, despite some challenges — including security, compliance and EoL software — it continues to evolve and mature, earning its place across multiple areas within today's organizations.

Stephen Feloney is VP of Products - Continuous Testing at Perforce Software
Share this

Industry News

May 07, 2025

Wix.com announced the launch of the Wix Model Context Protocol (MCP) Server.

May 07, 2025

Pulumi announced Pulumi IDP, a new internal developer platform that accelerates cloud infrastructure delivery for organizations at any scale.

May 07, 2025

Qt Group announced plans for significant expansion of the Qt platform and ecosystem.

May 07, 2025

Testsigma introduced autonomous testing capabilities to its automation suite — powered by AI coworkers that collaborate with QA teams to simplify testing, speed up releases, and elevate software quality.

May 06, 2025

Google is rolling out an updated Gemini 2.5 Pro model with significantly enhanced coding capabilities.

May 06, 2025

BrowserStack announced the acquisition of Requestly, the open-source HTTP interception and API mocking tool that eliminates critical bottlenecks in modern web development.

May 06, 2025

Jitterbit announced the evolution of its unified AI-infused low-code Harmony platform to deliver accountable, layered AI technology — including enterprise-ready AI agents — across its entire product portfolio.

May 05, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, and Synadia announced that the NATS project will continue to thrive in the cloud native open source ecosystem of the CNCF with Synadia’s continued support and involvement.

May 05, 2025

RapDev announced the launch of Arlo, an AI Agent for ServiceNow designed to transform how enterprises manage operational workflows, risk, and service delivery.

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.