It is all of the other sites sharing on the same server who need to be afraid of those not upgrading as not upgrading produces a potential security hole on the server.
No wonder WordPress has such a bad reputation if 90% of installs are not up to date.
I used to work at a web agency who did’nt care about upgrading unless the customer directly paid for the upgrade. So instead we used alot of time to fixed those sites which got hacked WITHOUT the customer paying.
It doesn’t matter what developer you are, this is a general “developer commandment” I believe in.
A lot of times too, especially helping on the Internet, you might try and help someone, only to learn, you aren’t quite right yourself. So you also end up learning too. I think, as a developer, being humble in knowing that I don’t know everything, is also important. It is actually another commandment.
“Thou shall always be humble and never think thy knowledge is all encompassing!”
The other commandment from Bruno could be
“Thou shall always help the lesser knowing developer”.
You can not directly criticize PHP. PHP is an open source language and you can learn form the internet, there are thousand of tutorials are available. You can make PHP secure by powerful scripting.
PHP is a very popular language, because it appears to be simple to learn. There is a lot of tutorials out there, but (as already said) most of them are outdated or lack security considerations.
I think, the major problem is not the core. The main problem are the old versions on small servers running, because the admins are big hosting companies and they do not want to explain to the user why a specific script can not run.
A lot of PHP programmers do a lot of coding in their free time and security has always been a pain in the a**. You can break things really fast, if you don’t know what you do in the update process.
PHP (like other server technology) is open to attacks from all over the world, this fact must be emphasized on the main PHP help pages.
To fix this, we have to:
provide best practices for novices (escape input / output, check input boundaries etc.)
provide anti-patterns
encourage big frameworks to move to newer PHP versions and drop old version support
If you are an amatour, you should use easier to learn PHP, for instance Yii
You can read more about its benefits comparing to other PHP in this article http://webinerds.com/seven-cmss-consider-designing-website/
When you become more aware of how it works you can try to begin your work with Symphony 2
Some tutorial
Updating the PHP is a far better way, other than weeping over the split milk. If you are updating the PHP regularly then you will get the better results and if you are not doing so then you surely will face the brunt of your slackness.