Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.
If you’re working on new software today (that hasn’t seen production use yet) you should be on PHP 8.0. As far as I am concerned, this is not up for debate.
It ensures a great developer experience due to the new additions in PHP 8.0 (really great ones, see a list here), and ensures the upgrade path to 8.1 is smooth when that version is released later this year.
If you’re working on legacy projects, you might still be on PHP 7.4. You should be looking into upgrading to PHP 8.0, if possible.
If you’re on something older than PHP 7.4, you should really upgrade to at least PHP 7.4. Remember, PHP 7.3 receives — at the time of writing — only more 9 months of active security updates.
After that time, your code could potentially be a security risk. (Let me assure you, if your service gets owned by some malicious party and a lot of data is compromised, that isn’t a good look.)
I consider it a sign of good company culture if you’re on top of things by keeping your software stack up-to-date. It signals to the rest of the world that you’re keeping up with the latest tech, and allows you to offer the best developer experience to your employees.
If I was looking for a job, I’d be on the lookout for a company who has been building stuff on top of PHP 8.0. It would be a red flag for me if they were still working with PHP < 7.3, because it signals to me that their stack is out of date.
There is no good reason not to try to upgrade as soon as possible to the latest version of PHP.
If your excuse is that it may be difficult with the current hosting setup, you should know that you can run multiple versions of PHP on the same server.
If you’re not upgrading because of dependencies that keep you on an older version, you should rethink those dependencies (or upgrade as soon as those support the latest version).
The best package maintainers try to be on top of things and have their packages ready either before the official release, or soon after. It’s okay to give these folks a little bit of time but you don’t want to be held back either.
Personally, I’d recommend upgrading to the latest version of PHP within two months of its initial release. Support for the new version tends to be pretty good by then when it comes to third party packages.
For this site, I try to upgrade it as soon as possible, and generally within two weeks after the latest version has been released, it runs the latest version of PHP. It is a great way for me to get a feel for the new features in a non-work environment.
Sooner or later you’ll probably have to upgrade your code base anyway, so you might as well do it sooner rather than later. This also avoids technical debt.
In many cases, if you remain up-to-date, each yearly upgrade is relatively minor. If you are multiple versions behind, it gets harder.
If you frequently switch between different versions of PHP (as you might be when upgrading your app to the latest version of PHP!) you may want to check out my Mac app. It’s called PHP Monitor, and it’s totally free and open source! It helps you switch between different PHP versions installed via Homebrew.