Why PHP 7 Matters for Ubuntu 16.04 Servers

Running PHP 5 on a production server in 2016 was becoming increasingly difficult to justify. PHP 5.6 had reached its official end of life, meaning no security patches were being released. Every day that passed without upgrading introduced more risk. PHP 7 solved both problems at once: it removed the security vulnerabilities that would never be patched and delivered performance improvements that genuinely changed what was possible with a single server.

This guide walks through installing PHP 7 on Ubuntu 16.04, testing applications before cutting over, and configuring the setup for production use. The approach keeps PHP 5 installed until you have confirmed everything works, which avoids unnecessary downtime during the transition.

PHP 7 Versus PHP 5: What Changed

PHP 7 is not simply a newer version of the same thing. The underlying engine was rewritten. The PHPNG (PHP Next Generation) project, which drew from work done on HHVM at Facebook, brought significant architectural improvements that translated into real-world performance gains.

Benchmarks consistently showed PHP 7 running the same codebase two to three times faster than PHP 5.6, with noticeably lower memory consumption per request. For a busy web application, that improvement often meant handling the same traffic with fewer server resources. Response times dropped, and hosting costs followed.

Beyond performance, PHP 7 introduced language features that made code easier to write correctly. Scalar type declarations let developers specify what kind of input a function expects. Return type declarations did the same for outputs. The null coalescing operator ?? simplified a common pattern. The spaceship operator <=> made comparison functions cleaner. Anonymous classes removed boilerplate in situations where a full class definition would be overkill.

None of these features were purely cosmetic. They enabled code that was easier to reason about and generated fewer runtime errors in production.

Checking What Is Currently Installed

Before making any changes, understand what is already on the server. Two commands give a clear picture.

php -v
php -m

The first shows the PHP version currently active. The second lists every loaded extension. Knowing both matters because different applications require different extensions. A WordPress site needs different modules than a custom Laravel application.

Check the documentation for each application running on the server. Note the minimum PHP version requirement and the list of required extensions. Some applications specify a minimum version below which they simply will not run. Others may work on older PHP but with reduced functionality.

Adding a More Recent PHP 7 Repository

Ubuntu 16.04 ships with PHP 7.0 in its default repositories. That version works, but Ondřej Surý maintains a PPA (Personal Package Archive) that offers more recent PHP 7 releases with additional features and performance improvements. PHP 7.2 and 7.3 are good choices for most applications.

Add the PPA with the following commands:

sudo apt install software-properties-common -y
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update

Once the repository is added, install PHP 7.2 along with the extensions most web applications need:

sudo apt install php7.2 php7.2-cli php7.2-common php7.2-mysql php7.2-xml php7.2-curl php7.2-gd php7.2-mbstring php7.2-zip php7.2-intl php7.2-bcmath -y

Check each application's requirements for specific extensions. Applications that handle images often need php-imagick. Applications using Redis for sessions need php-redis. If an extension is missing, the application may generate errors or fail to load entirely.

Running Both PHP Versions During Testing

Do not remove PHP 5 immediately. Install PHP 7 alongside it, run thorough tests, and only remove PHP 5 after confirming everything works correctly. This parallel operation approach is the safest way to migrate a live server.

While both versions are installed, Apache needs to be configured to use one or the other. Install the Apache PHP module for PHP 7.2:

sudo apt install libapache2-mod-php7.2

Disable the PHP 5 module and enable PHP 7:

sudo a2dismod php5
sudo a2enmod php7.2
sudo systemctl restart apache2

Verify the switch worked:

php -v

The output should show PHP 7.2 or whichever version was installed. Create a test file to confirm Apache is serving PHP with the correct version:

echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/phpinfo.php

Visit the file in a browser (for example, http://yourdomain.co.uk/phpinfo.php), confirm the version shown matches what was installed, then delete the file immediately. Leaving it on the server exposes configuration details that should not be publicly visible.

Updating Code for PHP 7 Compatibility

PHP 7 removed many functions and features that existed in PHP 5. Code that ran without errors on PHP 5 may generate warnings or fatal errors on PHP 7. Running a compatibility check before switching over prevents surprises on a live site.

Several common issues appear regularly during PHP 7 migrations:

  • ereg functions: The ereg_* family is removed entirely. Replace ereg('pattern', $string) with preg_match('/pattern/', $string). The regex syntax is the same in most cases.
  • mysql_* functions: The old mysql_connect, mysql_query, and related functions are gone. MySQLi is the direct replacement with a similar API. PDO is an alternative that works consistently across different database engines.
  • each(): This function is removed. A foreach loop achieves the same result and is cleaner.
  • create_function(): Removed. Anonymous functions (function(){}) replace this cleanly.

Run the PHP-Parser tool to identify deprecated function usage programmatically:

wget https://github.com/nikic/PHP-Parser/archive/master.zip -O php-parser.zip
unzip php-parser.zip

Most modern IDEs, including PhpStorm and NetBeans, flag deprecated function usage directly in the editor. That makes checking individual files straightforward before running a full migration.

Configuring PHP 7 for Production Use

After confirming applications work correctly on PHP 7, spend time tuning the configuration. The main PHP configuration file for PHP 7.2 with Apache is /etc/php/7.2/apache2/php.ini. If using PHP-FPM, the path is /etc/php/7.2/fpm/php.ini.

These settings are worth reviewing for a production environment:

expose_php = Off
max_execution_time = 30
memory_limit = 256M
post_max_size = 64M
upload_max_filesize = 64M
display_errors = Off
log_errors = On

expose_php = Off removes the PHP version from HTTP headers, which is a small but useful security measure. display_errors = Off prevents PHP from showing errors to visitors, which is essential on a live site. log_errors = On ensures errors are written to the server log where they can be reviewed.

Adjust memory_limit and max_execution_time based on what the applications actually need. Some applications, particularly those doing heavy image processing or data imports, may require higher limits.

After changing the configuration, restart the relevant service:

sudo systemctl restart apache2
# or for PHP-FPM:
sudo systemctl restart php7.2-fpm

Considering PHP 8 for New Projects

PHP 7.4 reached end-of-security-support in November 2022. If you are evaluating a PHP upgrade now, it is worth considering whether PHP 8 is viable rather than stopping at PHP 7. PHP 8.0 introduced JIT compilation, named arguments, attributes, match expressions, and union types. Later PHP 8 releases have built on those foundations with additional improvements.

Many popular frameworks and CMS platforms now support PHP 8, though support varies by version. The upgrade path from PHP 7 to PHP 8 is generally smoother than the PHP 5 to PHP 7 migration was, partly because the most disruptive changes happened during that earlier jump. A thorough testing process is still necessary, and keeping the old version available during the switch remains the safest approach.

For those already on PHP 7 and evaluating the next move, reviewing a PHP 8 upgrade guide can help clarify what the process involves and what compatibility work to expect.

Removing PHP 5 After Migration

Once all applications have been tested and confirmed working on PHP 7, remove PHP 5. Keep a backup of the server before doing this, in case something unexpected was relying on a package that gets removed.

sudo apt purge php5 php5-cli php5-mysql php5-xmlrpc php5-curl php5-gd -y
sudo apt autoremove -y
sudo systemctl restart apache2

Verify the final state:

php -v
php -m

Check the applications one more time after removal. Rarely, an application may have a hidden dependency on a PHP 5 package that was pulled in as a side effect. Catching that before it becomes a production issue saves time and reduces stress.

Keeping the Server Secure After the Migration

Switching PHP versions is a good time to review the overall security posture of the server. PHP updates contain security patches, so staying current matters. The same applies to the operating system, web server, and any other software running on the machine.

Regular updates, proper firewall configuration, SSH access controls, and monitoring all contribute to a more secure setup. A practical securing PHP applications checklist covers the application-level steps that complement server-level hardening.

What the Upgrade Achieves

Moving from PHP 5 to PHP 7 on Ubuntu 16.04 addresses two pressing problems at once. Security vulnerabilities that will never be patched disappear. Performance improves enough that the same server handles more traffic without upgrades. The process takes careful planning and testing, but the outcome is a more secure, faster, cheaper-to-run server.

If the server is still running PHP 5, the risks accumulate every day. The migration steps above provide a structured path that minimises downtime and catches problems before they affect users. Starting with a check of what is currently installed and what the applications actually need makes the rest of the process straightforward.