Although WordPress can work in almost any environment, even very minimal ones, it must be acknowledged that it does not work completely well in these. That's why here we are going to make some minimum recommendations of the environment in which it would work most effectively when considering that most WordPress websites use third party plugins and themes which commonly introduce additional server-level requirements.
Quick recommendations:
- WordPress 6.6 Server Compatibility
- WordPress 6.5 PHP Compatibility
- WordPress 6.4 PHP Compatibility
- WordPress 6.3 PHP Compatibility
All the post published are available at:
The web server is piece of software that accepts user web requests and serves them the appropriate result. There are many different web servers that run on different operation systems. Generally, if your web server supports and executes PHP files, it should be able to work with WordPress.
The two most popular ones that are recommended are:
- Apache HTTPD 2.4
- nginx 1.26
Others are used by hosting companies and developers and are known to work well too:
- Angie 1.7
- LiteSpeed Web Server 6.3 / 6.2 / 6.1 / 6.0 / 5.4
- OpenLiteSpeed 1.8 / 1.7
Those are the latest versions at the time of writing this document, for WordPress 6.6. Always keep your web server up-to-date to ensure best performance!
PHP is a programming language on which WordPress code is based. This language runs on the server and it is important to keep it up to date, both for security and functionality.
WordPress supports many versions of PHP, some even obsolete (PHP Compatibility and WordPress Versions), for hosting companies we recommend:
IMPORTANT: WordPress 6.7 is compatible with exceptions with PHP 8.0, PHP 8.1, PHP 8.2, and beta compatible with PHP 8.3, and PHP 8.4.
What "compatible with exceptions" mean?
-
PHP 8.0
- #48689: Filesystem WP_Filesystem_FTPext and WP_Filesystem_SSH2 when connect fails. An investigation is underway as to why on some occasions the access to the files returns some type of error. NOTE: Has a patch.
- #49728: Prepare for the internal functions throwing TypeError or ValueError exceptions on unexpected types/values. Internal functions will throw an exception if the function call arguments are of a type that is not expected. NOTE: Has a patch.
- #51019: convert_smilies() fails on large tags. The function fails when dealing with large HTML tags, particularly when an image with a large data URL is included in the post content. NOTE: Has a patch, but moved to WordPress 6.8.
- #55121: classic widgets with no settings won't show up in 5.9. Classic widgets with no settings do not appear correctly in WordPress 5.9 and above. This is due to changes in how widgets are handled in the block editor, causing compatibility problems with older widget setups. NOTE: Has a patch, but moved to WordPress 6.3.
- #55257: map_deep() function incompatibility with incomplete objects in PHP 8.0+. The function becomes incompatible with incomplete objects when running on PHP 8.0 or higher. NOTE: Has a patch, but moved to Future Release.
- #59649: Named parameters. WordPress does not support named parameters. PHP 8.0 supports optionally calling functions and class methods by specifying the parameter name, instead of calling them on the order of parameters that they are declared. PHP, and many other programming languages, support positional parameters: The caller passes the parameters in the same order the function/method declares its parameters. NOTE: Moved to WordPress 6.8.
- #60745: WP_Query::parse_query() does not handle invalid query arg values. The function does not properly handle invalid query argument values. This results in PHP fatal errors when unintended data types, like arrays, are passed where scalars are expected. NOTE: Has a patch, but moved to WordPress 6.8.
-
PHP 8.1
- Not all "passing null to non-nullable" issues have been found. In PHP, you can tell a function exactly what type of information it should accept. If you tell a function to expect a certain type of information, and you give it nothing at all (null is like saying "nothing"), then PHP gets confused and gives an error. This problem happens when someone accidentally gives a function "nothing" when the function wasn't designed to handle "nothing".
- #53465: htmlentities() needs the default value of the flags parameter explicitly set. According to htmlentities(), the default for flags for PHP 8.1 was "changed from
ENT_COMPAT
toENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401
". All use cases for this functionality in Core are being investigated. NOTE: Has a patch. - #57579: Replace most strip_tags() with wp_strip_tags(). Proposes optimizing how block templates are handled by minimizing unnecessary filesystem calls during their loading process. NOTE: Has a patch, but moved to Future Release.
- #57580: Avoid errors from null parameters in add_submenu_page(). A deprecated error caused by the
wp_normalize_path()
function when null is passed as an argument. This issue occurs primarily due to plugins incorrectly passing null in theadd_submenu_page()
function. NOTE: Has a patch, but moved to Future Release. - #61179: Deprecated messages about passing null in widgets.php Addresses a deprecated message issue in
widgets.php
. NOTE: Has a patch, but moved to WordPress 6.7.
-
PHP 8.2
- #55603: utf8_{encode|decode} deprecation with pending decision on requiring a PHP extension. NOTE: Has a patch, but moved to WordPress 6.8.
- #56034: Unknown dynamic properties' deprecation. NOTE: Moved to Future Release.
- #57304: Add SensitiveParameter attribute to DB connection and login variables. This enhancement aims to protect sensitive data in case of errors, making it less likely to be exposed in logs or bug reports. NOTE: Moved to WordPress 6.7.
- #60875: Handler proposal for known dynamic properties that are initialized and set late only when getting its value. Handling dynamic properties that are initialized only when accessed. Since PHP 8.2 deprecates dynamic (non-declared) properties, the proposal aims to pre-declare these properties while retaining the current design where they are lazily initialized. NOTE: Moved to WordPress 6.8.
- #61154: Fix the 'attributes' dynamic property in WP_Block. Fixing the 'attributes' dynamic property in the
WP_Block
class. NOTE: Has a patch, but moved to WordPress 6.8. - #61890: Handle WP_Term dynamic properties for PHP 8.2. Handling of dynamic properties in the
WP_Term
class to ensure compatibility. NOTE: Has a patch, but moved to WordPress 6.8.
What "beta" mean?
-
PHP 8.3
- Deprecation notices. A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
- #59231: Prepare for PHP 8.3.. NOTE: Has a patch, but moved to WordPress 6.7.
- #59232: Introduce #[Override] attribute to mark overloaded methods This attribute helps prevent coding errors by making it clear when a method is overloaded. It also assists with refactoring, debugging, and catching potential breaking changes in the parent class. NOTE: Has a patch, but moved to Future Release.
- #59233: Improve error handling for unserialize().
maybe_unserialize()
function could still be confronted by data with trailing bytes. NOTE: Moved to Future Release. - #59654: PHP 8.x: various compatibility fixes for WordPress 6.7. This ticket acts as a central hub for smaller patches that fix specific PHP 8.x failures. It continues the work from previous releases, ensuring that WordPress maintains compatibility with newer PHP versions like PHP 8.0, 8.1, 8.2, and upcoming versions like PHP 8.3. NOTE: Moved to WordPress 6.7.
-
PHP 8.4
- Deprecation notices. A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
- #62061: Prepare for PHP 8.4.. NOTE: Has a patch.
Other related tickets
- PHP
- #51525: Add new functions apply_filters_single_type() and apply_filters_ref_array_single_type().
- #54183: Tests: decide on how to handle deprecations in PHPUnit
- #54537: Tests: Enable PHP version check once PHP 8.0 compatibility is achieved.
- #58874: Code Modernization: Consider using the null coalescing operator.
- #59234: Introduce a
wp_json_decode()
function, including validation when available
IMPORTANT: WordPress 6.6 is compatible with exceptions with PHP 8.1, and PHP 8.2, and beta compatible with PHP 8.3.
What "compatible with exceptions" means?
-
PHP 8.1
- Not all "passing null to non-nullable" issues have been found. In PHP, you can tell a function exactly what type of information it should accept. If you tell a function to expect a certain type of information, and you give it nothing at all (null is like saying "nothing"), then PHP gets confused and gives an error. This problem happens when someone accidentally gives a function "nothing" when the function wasn't designed to handle "nothing".
_htmlentities()
needs the default value of the flags parameter explicitly set_. According to htmlentities(), the default for flags for PHP 8.1 was "changed from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401". All use cases for this functionality in WordPress Core are being investigated. NOTE: Has a patch, but moved to WordPress 6.7.- Replace most
strip_tags()
withwp_strip_tags()
. There are rare occasions when thestrip_tags()
function is passed a null value, which generates a warning that the string is deprecated. NOTE: Has a patch. - Update
is_serialized
function to acceptEnums
.Enums
are not backwards compatible with older PHP versions. NOTE: Has a patch, but moved to WordPress 6.7.
-
PHP 8.2
utf8_{encode|decode}
deprecation with pending decision on requiring a PHP extension. NOTE: Has a patch, but moved to WordPress 6.7.- Unknown dynamic properties' deprecation. NOTE: Moved to WordPress 6.7.
What "beta" means?
- PHP 8.3
- Deprecation notices. A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
- Improve error handling for
unserialize()
.maybe_unserialize()
function could still be confronted by data with trailing bytes. NOTE: Moved to WordPress 6.7.
IMPORTANT: WordPress 6.5 is compatible with exceptions with PHP 8.0, PHP 8.1, and PHP 8.2, and beta compatible with PHP 8.3.
What "compatible with exceptions" means?
-
PHP 8.0
- Named parameters. WordPress does not support named parameters.
- Filesystem WP_Filesystem_FTPext and WP_Filesystem_SSH2 when connect fails.
-
PHP 8.1
- Not all "passing null to non-nullable" issues have been found.
- htmlentities() et al needs the default value of the flags parameter explicitly set.
- Replace most strip_tags() with wp_strip_tags().
-
PHP 8.2
- utf8_{encode|decode} deprecation with pending decision on requiring a PHP extension.
- Unknown dynamic properties deprecations.
What "beta" means?
- PHP 8.3
- Deprecation notices: A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
IMPORTANT: WordPress 6.4 is compatible with exceptions with PHP 8.0, PHP 8.1, and PHP 8.2, and beta compatible with PHP 8.3.
What "compatible with exceptions" means?
-
PHP 8.0
- Named parameters. WordPress does not support named parameters.
- Filesystem WP_Filesystem_FTPext and WP_Filesystem_SSH2 when connect fails.
-
PHP 8.1
- Not all "passing null to non-nullable" issues have been found.
- htmlentities() et al needs the default value of the flags parameter explicitly set.
- Replace most strip_tags() with wp_strip_tags().
-
PHP 8.2
- utf8_{encode|decode} deprecation with pending decision on requiring a PHP extension.
- Unknown dynamic properties deprecations.
What "beta" means?
- PHP 8.3
- Deprecation notices: A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
IMPORTANT: WordPress 6.3 is compatible with exceptions with PHP 8.0 and PHP 8.1, and beta compatible with PHP 8.2.
What "compatible with exceptions" means?
-
PHP 8.0
- Named parameters. WordPress does not support named parameters.
- Filesystem WP_Filesystem_FTPext and WP_Filesystem_SSH2 when connect fails.
-
PHP 8.1
What "beta" means?
- PHP 8.2
- Deprecation notices: A deprecation notice is not an error, but rather an indicator of where additional work is needed for compatibility before PHP 9.0. With a deprecation notice, the PHP code will continue to work and nothing is broken.
PHP 8.1 is maintained by the PHP Community only as Security fix only starting 2022-11-26. Keeping your PHP to the latest stable version is important for WordPress speed and security.
Versions prior to PHP 8.1 are not maintained by the PHP Community, although they may receive security updates from operating systems distributions.
End of life PHP versions:
- PHP 8.3: 2027-12-31
- PHP 8.2: 2026-12-31
- PHP 8.1: 2025-12-31
- PHP 8.0: 2023-11-26 last release: 8.0.30
- PHP 7.4: 2022-11-28 last release: 7.4.33
- PHP 7.3: 2021-12-06 last release: 7.3.33
- PHP 7.2: 2020-11-30 last release: 7.2.34
- PHP 7.1: 2019-12-01 last release: 7.1.33
- PHP 7.0: 2019-01-10 last release: 7.0.33
- PHP 5.6: 2018-12-31 last release: 5.6.40
- PHP 5.5: 2016-07-21 last release: 5.5.38
- PHP 5.4: 2015-09-03 last release: 5.4.45
- PHP 5.3: 2014-08-14 last release: 5.3.29
- PHP 5.2: 2011-01-06 last release: 5.2.17
- PHP 5.1: 2006-08-24 last release: 5.1.6
- PHP 5.0: 2005-09-05 last release: 5.0.5
- PHP 4.4: 2008-08-07 last release: 4.4.9
- PHP 4.3: 2005-03-31 last release: 4.3.11
- PHP 4.2: 2002-09-06 last release: 4.2.3
- PHP 4.1: 2002-03-12 last release: 4.1.2
- PHP 4.0: 2001-06-23 last release: 4.0.6
WordPress core makes use of various PHP extensions when they're available. If the preferred extension is missing WordPress will either have to do more work to do the task the module helps with or, in the worst case, will remove functionality. All the extensions are for installations with PHP >= 7.4.
The PHP extensions listed below are required for a WordPress site to work.
- json (bundled in >=8.0.0) - Used for communications with other servers and processing data in JSON format.
- One of either mysqli (bundled in >=5.0.0), or mysqlnd - Connects to MySQL for database interactions.
The PHP extensions listed below are highly recommended in order to allow WordPress to operate optimally and to maximise compatibility with many popular plugins and themes.
- curl (PHP >= 7.3 requires libcurl >= 7.15.5; PHP >= 8.0 requires libcurl >= 7.29.0 ; PHP >= 8.4 requires libcurl >= 7.61.0) - Performs remote request operations.
- dom (requires libxml) - Used to validate Text Widget content and to automatically configure IIS7+.
- exif (requires php-mbstring) - Works with metadata stored in images.
- fileinfo (bundled in PHP) - Used to detect mimetype of file uploads.
- hash (bundled in PHP >=5.1.2) - Used for hashing, including passwords and update packages.
- igbinary - Increases performance as a drop in replacement for the standard PHP serializer.
- imagick (requires ImageMagick >= 6.2.4) - Provides better image quality for media uploads. See WP_Image_Editor for details. Smarter image resizing (for smaller images) and PDF thumbnail support, when Ghost Script is also available.
- intl (PHP >= 7.4.0 requires ICU >= 50.1) - Enable to perform locale-aware operations including but not limited to formatting, transliteration, encoding conversion, calendar operations, conformant collation, locating text boundaries and working with locale identifiers, timezones and graphemes.
- mbstring - Used to properly handle UTF8 text.
- openssl (PHP 7.1-8.0 requires OpenSSL >= 1.0.1 / < 3.0; PHP >= 8.1 requires OpenSSL >= 1.0.2 / < 4.0; PHP >= 8.4 requires OpenSSL >= 1.1.1 / < 4.0) - SSL-based connections to other hosts.
- pcre (bundled in PHP >= 7.0 recommended PCRE 8.10) - Increases performance of pattern matching in code searches.
- xml (requires libxml) - Used for XML parsing, such as from a third-party site.
- zip (requires libzip >= 0.11; recommended libzip >= 1.6) - Used for decompressing Plugins, Themes, and WordPress update packages.
The PHP extensions listed below are recommended to allow some WordPress cache (if necessary). APCu, Memcached, and Redis are alternatives of which only one needs to be used.
- apcu – In-memory key-value store for PHP (former APC stripped of opcode caching).
- memcached (requires libmemcached >= 1.0.0) - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
- opcache - PHP can be configured to preload scripts into the opcache when the engine starts.
- redis - PHP extension for interfacing with Redis.
The PHP extensions listed below are optional to imrpove some WordPress functionality.
- timezonedb - Timezone Database to be used with PHP's date and time functions
For the sake of completeness, below is a list of the remaining PHP modules WordPress may use in certain situations or if other modules are unavailable. These are fallbacks or optional and not necessarily needed in an optimal environment, but installing them won't hurt.
- bc - For arbitrary precision mathematics, which supports numbers of any size and precision up to 2147483647 decimal digits.
- filter - Used for securely filtering user input.
- image (requires libgd >= 2.1.0; requires zlib >= 1.2.0.4; optional freetype2) - If Imagick isn't installed, the GD Graphics Library is used as a functionally limited fallback for image manipulation.
- iconv (requires libiconv/POSIX) - Used to convert between character sets.
- shmop - Shmop is an easy to use set of functions that allows PHP to read, write, create and delete Unix shared memory segments.
- simplexml (requires libxml) - Used for XML parsing.
- sodium - (bundled in PHP >=7.2.0; requires libsodium >= 1.0.8) - Validates Signatures and provides securely random bytes.
- xmlreader (requires libxml) - Used for XML parsing.
- zlib (requires zlib >= 1.2.0.4) - Gzip compression and decompression.
These extensions are used for file changes, such as updates and plugin/theme installation, when files aren't writeable on the server.
- ssh2 (requires OpenSSL and libssh >= 1.2; recommended libssh >= 1.2.9) - Provide access to resources (shell, remote exec, tunneling, file transfer) on a remote machine using a secure cryptographic transport.
- ftp - Implement client access to files servers speaking the File Transfer Protocol (FTP).
- sockets - Implements a low-level interface to the socket communication functions based on the popular BSD sockets.
The priority of the transports are Direct file IO, SSH2, FTP PHP Extension, FTP implemented with Sockets, and FTP implemented through PHP alone.
- curl (recommended >= 8.4)
- Ghost Script (recommended Ghost Script >= 10.0)- Enables Imagick/ImageMagick to generate PDF thumbnails for the media library. See Enhanced PDF Support in WordPress 4.7 for details.
- ImageMagick (recommended ImageMagick >= 7.1) - Required by Imagick extension.
- OpenSSL (recommended >= 3.0)
- WebP
- AVIF
For data storage, WordPress uses systems compatible with MySQL.
Officially recommended by WordPress are:
End of life MySQL versions:
- MySQL 9.1: n/d
- MySQL 9.0: 2024-10-15
- MySQL 8.4: 2032-04-30
- MySQL 8.3: n/d
- MySQL 8.2: n/d
- MySQL 8.1: 2023-10-25 last release: 8.1.0
- MySQL 8.0: 2026-04-30
- MySQL 5.7: 2023-10-31 last release: 5.7.44
- MySQL 5.6: 2021-02-28 last release: 5.6.51
- MySQL 5.5: 2018-12-31 last release: 5.5.63
End of life mariaDB versions:
- MariaDB 11.5: n/d
- MariaDB 11.4: 2029-05-29
- MariaDB 11.3: 2024-05-29 last release: 11.3.2
- MariaDB 11.2: 2024-11-21 last release: 11.2.4
- MariaDB 11.1: 2024-08-21 last release: 11.1.6
- MariaDB 11.0: 2024-06-07 last release: 11.0.6
- MariaDB 10.11: 2028-02-16
- MariaDB 10.10: 2023-11-17 last release: 10.10.7
- MariaDB 10.9: 2023-08-22 last release: 10.9.8
- MariaDB 10.8: 2023-05-20 last release: 10.8.8
- MariaDB 10.7: 2023-02-09 last release: 10.7.8
- MariaDB 10.6: 2026-07-06
- MariaDB 10.5: 2025-06-24
- MariaDB 10.4: 2024-06-18 last release: 10.4.34
- MariaDB 10.3: 2023-05-25 last release: 10.3.39
- MariaDB 10.2: 2022-05-22 last release: 10.2.44
- MariaDB 10.1: 2020-10-17 last release: 10.1.48
- MariaDB 10.0: 2019-03-31 last release: 10.0.38
- MariaDB 5.5: 2020-04-11 last release: 5.5.68
Other MySQL servers that are known to perform well are:
- Percona MySQL Server
- Amazon Aurora
- Amazon RDS for MariaDB 10.11
- Amazon RDS for MySQL 8.0
- Azure Database for MySQL
- Google Cloud MySQL 8.0
- DigitalOcean MySQL
- IBM Cloud Databases for MySQL 8.0
- MySQL HeatWave
Although WordPress may run on older versions, it is recommended to use these or newer ones for security and performance reasons.
If you have WordPress 5.2+, the WordPress Admin already has tools with that information in the Site Health
section (at Tools
in the menu).
If you have an older version, you can activate the Site Health
section installing the WordPress Community Plugin called Health Check & Troubleshooting (more help for this plugin).
[info]If you’re interested in improving this handbook, check the Github Handbook repo, or leave a message in the #hosting channel of the official WordPress Slack.[/info]
- 2024-09-17: Added minimum version of curl and openssl for PHP 8.4 extension.
- 2024-07-04: Up-to-date for WordPress 6.6 compatibility.
- 2024-04-06: Up-to-date for WordPress 6.5 compatibility.
- 2023-11-11: Up-to-date. Added some EOL for databases and PHP. WordPress 6.4 compatibility. Added more information about system packages.
- 2023-10-04: Up-to-date. Added some EOL for databases and PHP. Explanation about BETA and EXCEPTIONS for WordPress 6.3.
- 2023-09-07: Added shmop PHP extension.
- 2023-08-02: Updated for WordPress 6.3 and up-to-date everything.
- 2023-06-08: Added PHP igbinary extension.
- 2023-05-27: Updated PHP extensions requirements and cache extensions.
- 2023-04-19: MariaDB fixed with LTS versions
- 2023-02-17: Updated LiteSpeed Web Server. Updates for WordPress 6.2 beta and PHP >= 7.4.
- 2022-11-16: Updated WordPress 6.0 / WordPress 6.1, PHP compatibility information and other versions
- 2022-06-22: Added PHP extensions requirements and cache extensions
- 2022-06-06: Delete MariaDB 10.2
- 2022-05-13: Update for WordPress 6.0 and stable software versions; updated deprecated PHP versions and extensions
- 2021-05-27: Fixing infoboxes
- 2021-05-07: Updated versions and extensions. PHP 7.3 bump based on Trac
- 2021-05-05: Updated the imagick (WP_Image_Editor) link
- 2021-05-05: Updated versions (webserver, PHP, SQL)
- 2021-02-17: Changelog added
- 2020-11-23: Minor text changes and info-block
- 2020-07-16: Updated webserver versions and vendors. Updated PHP versions. Updated SQL versions and vendors. Added: How do I know which version I have?. Updated libsodium to sodium
- 2020-06-02: Published from Github