Last checked and updated on April 20, 2026
PHP Lifecycle & End of Life (EOL) Policy
PHP maintains a consistent four-year support policy for every major release branch. This period is divided into two equal phases that help development teams balance access to new features with long-term stability and security.
The first two years are known as Active Support. During this time, the PHP team releases regular point versions that include both bug fixes and security patches. After Active Support ends, the branch enters a two-year Security Support phase where only critical security issues are addressed. Releases during this phase are made only when necessary, so they may appear frequently or not at all depending on reported vulnerabilities.
Once the full four years conclude, the version reaches End of Life. At that point the branch is considered obsolete and receives no further updates of any kind from the official PHP project.
| Phase | Duration | What You Receive |
|---|---|---|
| Active Support | First 2 years | Regular bug fixes, security patches, and point releases |
| Security Support | Next 2 years | Critical security fixes only, released as needed |
| End of Life | After 4 years total | No updates or official support |
Risks of Using End-of-Life (EOL) Versions
Running a PHP version that has reached End of Life introduces significant operational and security risks. Without any further patches, newly discovered vulnerabilities remain unaddressed, making your web applications and servers more susceptible to attacks.
You also lose access to official bug fixes, which means stability or performance problems that surface later must be resolved without help from the PHP core team. Many popular PHP frameworks, libraries, and hosting providers gradually drop support for EOL versions, leading to compatibility issues when updating other parts of your stack.
Organizations subject to compliance or security standards often face audit challenges because these policies generally require the core language runtime to stay under active maintenance. The longer an EOL version remains in production, the greater the maintenance burden and potential for unexpected incidents.
| Risk | Potential Impact |
|---|---|
| Unpatched security vulnerabilities | Higher risk of exploits and data breaches |
| No official bug fixes | Persistent issues affecting reliability |
| Framework and library incompatibility | Broken dependencies or upgrade failures |
| Compliance violations | Audit findings or regulatory problems |
What Happens After PHP Reaches EOL
When a PHP major version reaches End of Life, the official support window closes completely. The PHP development team stops all work on that branch, meaning no more security patches, bug fixes, or point releases will ever be published.
Your existing applications will continue to execute as before, but you become fully responsible for managing any future security concerns or defects. Community resources may still offer discussions and workarounds, yet no guaranteed assistance or compatibility testing comes from the official project.
Experienced teams view the EOL date as a hard deadline and complete their migration to a supported version well in advance. This practice keeps applications secure, maintainable, and aligned with the current PHP ecosystem.
FAQ
Q1: How long is each PHP major version supported?
Every PHP major release receives a total of four years of support: two years of Active Support followed by two years of Security Support.
Q2: What is the difference between Active Support and Security Support?
Active Support includes regular bug fixes and security patches with frequent point releases, while Security Support is limited to critical security fixes only.
Q3: Can I continue using PHP after it reaches EOL?
Yes, the code will still run, but you will no longer receive any updates or official help, leaving your applications exposed to known vulnerabilities.
Q4: Are security patches released after EOL?
No. Once a version reaches End of Life, no further security patches or any other updates are provided.
Q5: How can I avoid problems with PHP EOL dates?
Keep track of your installed versions and plan upgrades while the version is still receiving Security Support.
Tracking & Monitoring PHP EOL Dates
Successful lifecycle management starts with maintaining an accurate inventory of every PHP version running in development, testing, staging, and production environments. Many teams include this information in their central monitoring or configuration management systems for quick visibility.
Perform regular checks, such as quarterly reviews, to identify versions approaching the end of Active or Security Support. Set up simple alerts in your operations tools so stakeholders receive early notification when less than six to nine months of support remain.
Document your upgrade roadmap alongside these timelines. By treating EOL dates as scheduled milestones, organizations can migrate smoothly and maintain a secure, supported PHP environment across all projects.
How To Check Your PHP Version
Determining the exact PHP version in use is quick and should be part of routine maintenance. From the command line, run one of the following commands.
php --version
php -v
These commands display the full version string, including the major, minor, and patch levels. Inside a PHP script or web application, you can also retrieve the version programmatically.
<?php
echo phpversion();
echo PHP_VERSION;
?>Run these checks across all servers, containers, and hosting environments to keep your version inventory up to date and spot any outdated installations before they approach EOL.