WordPress needs 3 elements to work: a web server, a database, and the engine that makes it all work, PHP. And in general, we assume that PHP comes well mounted on our hosting, and it is not usually so.
In the official WordPress documentation on hosting, the requirements of PHP are discussed. In general, I agree, but I think they are quite restrictive and that they only look at what WordPress is in itself, but not in the advantages that including some extra PHP extensions can have to the usual operation.
It is also true that some extensions are complementary to each other, for example that of GD and ImageMagick. If you have one of the two, it is enough, but it is possible that some plugin uses the other because the improved system is not developed.
This is why I have considered doing a little research on WordPress 5.2.3 and some of the most well-known and widespread plugins .
What have I done?
The first thing was to mount a VPS machine, on which I mounted PHP 7.4beta4. It is not really necessary, and I know that this version does not support it yet, but it is compatible with the current one.
The other thing I have done is to put the WordPress version in a folder, and configure PHP CompatInfo, a tool that allows you to analyze the PHP code. This won’t tell me exactly which features are alternatives, but a modicum of WordPress already lets you guess where the shots are going.
The first scan returns the following information:
This fantastic table/list of extensions is the foundation on which to work with WordPress. And this list and the functions that are used come to say that the optimal version to use is that of PHP 7.0.2, but that it could work normally with PHP 5.6.33 (losing some functionality and especially security). It should be remembered that since 2019 any version of PHP less than the 7.1 branch is not maintained and may be insecure, so, at this point, the ideal would be to use, at least, PHP 7.1.
In this example, I’m going to use Ubuntu 18 as a base, with the repository of
ppa:ondrej/php. And to start I’m just going to install PHP and PHP-FPM (the latter does not affect the extensions, simply how I have the nginx configured). To do this, I launch the following:
add-apt-repository ppa:ondrej/php apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install php7.4 php7.4-fpm
Once we have this assembled, we will see which extensions have PHP installed by default and are compatible with WordPress and which would have to be mounted in an extended way. For this we use the traditional
With PHP itself come, then, these extensions:
tokenizer and .
Now it remains what to do with the ones we have pending…
There are some extensions that are pretty easy to get. If we run this command we will also have the following from the list…
apt -y install php7.4-curl php7.4-gd php7.4-mbstring php7.4-xml php7.4-zip
This helps us with
Other important extensions are those of the connection to the database, in this case compatible with MySQL connection systems (whether MySQL, MariaDB or similar). There are and have been several versions for connections, and although we talk about three of them, in reality you need only two.
apt -y install php7.4-mysql php7.4-mysqlnd
With this we support and
mysqlnd, enough for the system to
Those that remain
The list of those that remain is
com_dotnet is basically if you mount your site on Windows, so at first it would not be necessary to install it.
mcrypt are also not necessary in modern versions (PHP +7.2) since these functions are replaced by those
sodium (already installed).
ssh2 is also not necessary unless you require unusual connections to upgrade the system. As a general rule, they are not necessary. If you fail the WordPress update system or need the use of private/public keys, then go ahead.
suhosin it has been a bit disused for years. Although it is proposed to recover part of it, in principle they would not be necessary either.
Before continuing, let’s prepare PHP to allow you to install and run extra extension builds.
To install some extra stuff, we’ll need to mount PHP, so it can compile, which means we need PHP to have developer permissions… and by the way, we install the PECL system, which allows you to add extra extensions to PHP.
apt -y install php7.4-dev php-pear pkg-config pecl channel-update pecl.php.net
This leaves us with
imagick (for images),
memcache (if you are going to use cache system with Memcaché, and in this case I leave it parked for later) and
xdiff for comparison topics.
The easiest way to install the enhanced imaging
imagick system is to first install the main software and its development version, and then comply with the PHP extension.
apt -y install imagemagick libmagickwand-dev pecl install imagick
Now, to make it work, you have to add the extension to PHP. In the current case, it would be something like this:
echo 'extension=imagick.so' >> /etc/php/7.4/mods-available/imagick.ini ln -s /etc/php/7.4/mods-available/imagick.ini /etc/php/7.4/fpm/conf.d/30-imagick.ini
Now we have to restart PHP (if it is in FPM mode) and the web server. At that time we will have the extension active.
The system is quite similar to the previous one… but we have to do a series of previous steps, since you have to compile a library.
cd /usr/src wget http://www.xmailserver.org/libxdiff-0.23.tar.gz tar -xzf libxdiff-0.23.tar.gz cd libxdiff-0.23 ./configure make make install
After this we can install the extension:
pecl install xdiff
And finally add it to PHP and restart the service.
echo 'extension=xdiff.so' >> /etc/php/7.4/mods-available/xdiff.ini ln -s /etc/php/7.4/mods-available/xdiff.ini /etc/php/7.4/fpm/conf.d/30-xdiff.ini
With this, we would already have PHP configured so that everything that is the core, WordPress itself, works 100% without problem and in the Site Health no alert related to PHP comes out.
Plugins and other extensions
But make no mistake, WordPress is powerful mainly because of the plugins that allow the extension of functionality. For this test, I have taken as a basis the most popular from the official repository.
First I will put a list of those that, with the extensions that we already have working, can run without problem.
- Contact Form 7 (v5.1.4) requires PHP 5.3.0
- Akismet Anti-Spam (v4.1.2) requires 5.2.0
- Classic Editor (v1.5) requires PHP 4.3.0
- WordPress Importer (v0.6.4) requires PHP 5.2.11
- Really Simple SSL (v3.2.5) requires 5.3.0
- Elementor Page Builder (v2.7.1) requires PHP 5.4.0
- Duplicate Post (v3.2.3) requires PHP 5.1.0
- TinyMCE Advanced (v5.2.1) requires PHP 5.2.0
- Google Analytics Dashboard Plugin for WordPress by MonsterInsights (v7.8.0) requires PHP 5.6.0beta1
- WP Super Cache (v1.7.0) requires PHP 5.4.0
- Regenerate Thumbnails (v3.1.1) requires PHP 5.1.0
- Google XML Sitemaps (v4.1.0) requires PHP 5.2.0
- Advanced Custom Fields (v5.8.3) requires PHP 5.4.0
- Autoptimize (v2.5.1) requires PHP 5.2.0
- Loco Translate (v2.3.0) requires PHP 5.5.0
- Hello Dolly (v1.7.2) requires PHP 4.0.0 (this one is simpler than a botijo)
- Better Search Replace (v1.3.3) requires PHP 5.2.0
- TablePress (v1.9.2) requires PHP 5.5.0
- Duplicator – WordPress Migration Plugin (v1.3.20) requires PHP 7.0.2
In general , plugins that focus on working with the WordPress core are quite stable in terms of PHP requirements. Of course, when we get to some more powerful plugins , we find another situation.
An important case is that of Yoast SEO (v12.0) that to work properly requires PHP 7.0.2. It is a plugin very installed and used and that usually always requires the latest minimum version of WordPress itself. Among the extra extensions it requires are the
sqlite3. I’m not sure if you need more database-related extensions (PostgreSQL or SQLite). What does make sense is mathematics (for reasons of improving calculations)? The APCu may be fine for improving cache issues.
In the case of Jetpack by WordPress.com (v7.7.1) the extra extension that is asked of us is also that of
apcuthe , which as I said, can be helpful for cache issues.
One of the most powerful is WooCommerce (v3.7.0) which has quite extensive extra requirements. Among them requires
gmp. Although it has some extra extensions that the WordPress core does not require, in principle we should already have them previously installed.
Another of the usual (and personally little recommended) is Wordfence Security – Firewall & Malware Scan (v7.4.0) that follows the line of the use of
redis. The latter, like memcaché I will leave them for the end.
Another of the usual in the world is All in One SEO Pack (v3.2.6) that as an extra requires the extension
OAuth. I don’t quite understand why, but I personally don’t think it makes much sense about loading the system with it.
Another that requires elements that also do not make great sense is Contact Form by WPForms – Drag & Drop Form Builder for WordPress (v1.5.5), since it asks
One that asks for a curious extension is All-in-One WP Migration (v7.7) a plugin for performing migrations. In this case one of the extensions it asks for is the
litespeed, which will only be necessary if we use LiteSpeed as a web server, and that with the PHP of this web server already comes.
Another one that asks for a lot of resources is UpdraftPlus WordPress Backup Plugin (v1.16.16) and that makes some sense and requires a lot of calculation. the extensions you suggest are
mhash. It has a certain logic that it asks for the BZ2 as a compression system, but not the mhash, which is already emulated in the hash itself. The case that you order APC and APCu is also curious, since one is an improved version of the next, which makes it have a backward compatibility today not very useful.
A plugin that requires many external connections and cache is Google Analytics Dashboard for WP by ExactMetrics (formerly GADWP) (v5.3.9) and that is why it includes extensions such as
apc or those of memcaché.
Another of the great plugins is W3 Total Cache (v0.10.0) which, as it makes sense, requires practically all possible cache extensions, in addition to others related to URLs. Among the extra extensions we have
uri_template. Here there will be work to allow maximum optimization.
Another optimization is WP-Optimize – Clean, Compress, Cache. (v3.0.11) which is expected to require cache elements to optimize, and so has functions for
Installing the extras
There are 3 of the extra extensions that are quite easy to install. This is the case of
bz2. The first two make a lot of sense that they are installed, since their main function is to improve the PHP mathematical calculation system. the latter has to do with file compression/decompression systems. In principle with those we already have it would be enough (
zlib) so, in principle, we will leave it parked.
apt -y install php7.4-bcmath php7.4-gmp php7.4-tidy
In the case of caches, we do have several extensions to keep in mind. They are
tidy (installed in the command above),
uri_template (it’s something quite obsolete, so it doesn’t make much sense to mount it),
Keep in mind that it is not always necessary to have all the elements installed, and you have to correctly analyze if having Redis and memcaché at the same time is necessary or one of the two can take over the object cache of the other. In the end, they are extra resources that must be mounted on the server as added services. In any case, the steps to install these extensions are as follows, since they are all Pecl.
Theoretically, the APC theme does not have many extra requirements, so we will install the extension and then add it to the PHP configuration.
pecl install apcu echo 'extension=apcu.so' >> /etc/php/7.4/mods-available/apcu.ini ln -s /etc/php/7.4/mods-available/apcu.ini /etc/php/7.4/fpm/conf.d/30-apcu.ini
If you have a Redis server installed, this extension allows PHP to connect natively with Redis and be able to store data on this server. To install it (in addition to installing Redis) you have to run the following:
pecl install redis echo 'extension=redis.so' >> /etc/php/7.4/mods-available/redis.ini ln -s /etc/php/7.4/mods-available/redis.ini /etc/php/7.4/fpm/conf.d/30-redis.ini
In the same way as Redis, Memcached is an external caching system that requires its own service/server installed, so for PHP to be able to connect it requires the place to connect. To install it we have to do something similar to the previous ones:
apt -y install libmemcached-tools libmemcached-dev pecl install memcached echo 'extension=memcached.so' >> /etc/php/7.4/mods-available/memcached.ini ln -s /etc/php/7.4/mods-available/memcached.ini /etc/php/7.4/fpm/conf.d/30-memcached.ini
In any case, we will have to restart PHP-FPM and the web server.
What extensions we will have finally installed
If we have installed everything that has been explained in this article, when we finish the installation and restart of PHP, we will have this list of extensions included in the system, plenty enough for WordPress to work 100%.
- cgi-fcgi (being as PHP-FPM)
- memcached (requires a Memcached urder installed to be useful)
- redis (requires a Redis server installed to be useful)
- Zend OPcache
Which version of PHP to have active
The answer, for WordPress version 5.2.3 (and for WordPress 5.3.0) has a quick answer: PHP 7.2.x. Any minor version includes elements that might not be standard with elements, especially cryptography, and that we could consider less secure (I do not say insecure) regarding previous versions.
EWWW Image Optimizer (v4.9.3): In this case several image-related extensions are called as
imagick. Theoretically, the second is not necessary as it is an obsolete version and that, with what we have installed, does not require any extra.
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.