The PHP Foundation's mission to keep millions of sites safe

Greg Kumparak

A massive chunk of the web runs on PHP.

Wikipedia. Etsy. Every single WordPress-based site, from the personal blogs we all set up in 2008 and largely forgot about to some of the biggest tech news outlets in the world.

If you try to calculate the percentage of websites that run on PHP, the math inherently gets a bit hand-wavey. Lots of sites don’t declare the languages that are running under the hood. Of those that do declare it, the most cited percentage pins it at around 70% PHP.

Whatever the percentage, what I first said holds true: it’s massive. Millions and millions and millions of sites.

Now, most people don’t think all that much about the languages that make their favorite websites work. You’re reading this on a site called “Open Source Pledge” so it’s reasonable to assume that you might think about it at least a little — but the very vast majority of the Internet-browsing population? Probably not.

But languages like PHP are a funny thing. They’re tools for building, but they’re not analogous to hammers and saws. They’re tools that grow, and evolve, and get new features. They (hopefully) get more efficient. Security issues are discovered and (again, hopefully) get patched.

What happens if that progress and maintenance just… stops? If the primary people tasked with overseeing/wrangling/maintaining a language decide — whether it’s due to a new job, or a new interest, etc. — to move on?

I recently spoke with Roman Pronskiy, co-founder and Executive Director of The PHP Foundation, about why the foundation exists and why they strive to ensure it’s always someone’s (or, ideally, many someones’) job to know PHP inside and out.

——

“There was a point around… maybe, 2017 or 2018,” Roman says, “where it was just two people who were getting paid to work on the language. The rest were contributors; enthusiasts working on it in their free time.”

“This entire technology, maintained by just two people? That’s crazy. That sort of thing is fine if it’s a pet project,” he adds. “But if it’s a technology that so many businesses and millions of websites rely on? It’s a ridiculous situation.”

From that realization, The PHP Foundation was born.

“In 2021, I reached out to a few companies in the PHP ecosystem,” says Roman. “Basically, companies that had built their business on top of PHP. I asked them: ‘What can we do about this?’”

The foundation concept was something that had been tried before, but previous attempts hadn’t really gone anywhere.

“I think there was some skepticism about it because it wasn’t the first attempt — actually, this was at least the third.”

This time would be different. Ten companies came on as founding members — including Automattic (the company behind WordPress), Laravel, Zend (an absolutely critical player in PHP’s story, having built the Zend runtime that powers PHP), and JetBrains (creators of the PhpStorm IDE, and the company paying Roman to lead this charge).

Their day one goal:

The PHP Foundation will be a non-profit organization whose mission is to ensure the long life and prosperity of the PHP language.

This foundation wouldn’t own PHP, by any means — but they’d be stewards of the language, ensuring that there were always multiple people whose literal job it was to understand its innermost workings and improve upon it. The foundation would be funded mostly by its members, from individuals contributing hundreds of dollars to companies contributing tens or hundreds of thousands.

Step one: make sure those aforementioned enthusiasts got paid, then pay more people to make PHP their primary focus.

Why? It all boils down to the “bus factor” — which, to get morbid for a second, essentially means “how toast is the entire project if one core member gets hit by a bus? How much knowledge vanishes?” (Roman likes to capture it in a lighter way, asking “What if one key person decides to go be a bus driver instead?”)

30 years and millions of websites in, PHP is a complex beast. It’s Open Source, so anyone can come in, learn the processes, and contribute code. But it’s not the kind of thing that one can easily airdrop into and start making huge fixes; little changes can have not-so-obvious impacts, so you need people who know how changes might ripple out. People who understand why things are built the way they are.

As Roman puts it: “The learning curve to contribute is… quite steep.”

And there’s a bit more to it than just being good with PHP itself; in many cases, contributors need to understand the underlying C-based runtime — the bit that makes PHP actually do something on the server — and how it all fits together. By increasing the number of people whose job it is to know PHP at its deepest levels, the “bus factor” risk goes down.

Today the PHP Foundation pays ten core developers to work on PHP full or part time. Most of the top ten contributors to PHP, Roman tells me, are funded by the PHP Foundation.

The PHP Foundation's core dev team, as screenshot from its website on 3/11/2025

So what do they work on, day-to-day?

“80% of the work is just maintenance,” says Roman. “Yeah, developing new features, it’s fun — but maintaining things, fixing bugs, fixing security issues, that’s where we have to focus.”

“There’s always something to change… and when you change things, there’s bugs. It’s like a house; whenever you fix one thing, you discover other issues.”

“And continuing this analogy: imagine this house is surrounded by people who want to break in. So while fixing bugs you’re also looking for holes in your fence, making sure the locks are all modern, etc. Hackers attack businesses every day, and find new techniques to attack servers — we fix the security issues, and we organize security audits to pay [outside experts] to come and analyze and proactively prevent these attacks.”

They also help to review code contributions — to check that the code is sound, to make sure any changes are broadly useful, and to help ensure that no one is trying to sneak malicious code in under the guise of helping.

Beyond bugs and security issues, there’s a third, perhaps less-obviously-glamorous challenge to tackle: efficiency. Across millions of sites, even seemingly small improvements to PHP’s efficiency play out in huge ways. “If PHP becomes 1% faster,” says Roman, “it saves millions of dollars across the businesses that rely on PHP.”

But even if they could wave a wand and make PHP perfectly bug free, infallibly secure, and maximally efficient, The PHP Foundation will have work to do in just letting people know about the work they’ve already done. In 2024, a new line was added to The PHP Foundation’s mission statement: “The PHP Foundation aims to promote the public image of the PHP language in the interest of retaining existing and gaining new users and contributors.”

“There are people who haven’t touched PHP in maybe 10 years,” Roman tells me. “But PHP has changed significantly in the last 10 years. One of our goals is just to make sure people understand: PHP today is a modern and well-maintained language.”

Want to find out more about The PHP Foundation? You can check out their website — or, since they handle funding through Open Collective, even check out who’s contributing and how the money is spent.

[The image at the top of this post is based on the PHP logo and shared under a Creative Commons Attribution-Share Alike 4.0 International license]