Many cPanel & WHM servers today are still running websites on PHP 5.6 through PHP 8.1. These versions are no longer supported upstream and no longer receive official security updates.
For hosting providers, this creates a difficult decision.
You can require customers to upgrade to a newer PHP version. But that often means code changes, compatibility issues, and the risk of breaking live websites.
Or you can allow sites to continue running on unsupported PHP versions, knowing that security patches are no longer being released.
Neither option is ideal.
Extended PHP Support (PHP ELS) for cPanel & WHM was introduced to address this exact situation. It provides security-patched builds for unsupported PHP 5.6–8.1, allowing websites to remain on their current PHP version while still receiving ongoing security fixes.
The Scale of the Problem
This is not an edge case. Across eligible cPanel servers that are not running CloudLinux OS, millions of sites still run on older PHP versions across hundreds of thousands of servers.
These are not inactive environments. They power ecommerce stores, business applications, and production workloads. For many providers, outdated PHP is deeply embedded in their customer base. Upgrading every site is not an overnight task. It often requires development effort, compatibility checks, and careful rollout planning.
In shared hosting environments, forced upgrades can quickly lead to broken applications and increased support load. At the same time, leaving PHP unpatched introduces real security risk.
This is the gap Extended PHP Support is designed to close.
What Extended PHP Support Actually Does
Extended PHP Support (PHP ELS), powered by TuxCare, is a paid, per-server add-on for cPanel & WHM. It delivers security-patched builds for unsupported PHP versions 5.6 through 8.1.
The key point: the visible PHP version does not change. A site running PHP 7.3 continues on PHP 7.3. A site on PHP 8.0 remains on PHP 8.0. There is no forced migration or automatic upgrade. Instead, the underlying PHP build is patched for security vulnerabilities.
PHP ELS is a focused, standalone solution for one specific problem: securing outdated PHP without disrupting live websites. CloudLinux OS, by comparison, is a broader security solution that also includes secured PHP as part of its wider feature set.
This creates a third path: neither forcing disruptive upgrades nor running unpatched PHP in production. It allows you to secure existing environments while planning modernization on your own timeline.
What This Means for cPanel Users
Extended PHP Support changes how you manage environments that cannot be upgraded immediately.
- Gain time without increasing risk: Keep legacy applications running while receiving security patches, instead of choosing between rushed upgrades and exposure.
- Reduce operational disruption: Avoid compatibility issues and unexpected downtime caused by forced version changes.
- Move from reactive fixes to planned modernization: Schedule migrations strategically, with proper testing and coordination.
- Make legacy support intentional: Treat extended lifecycle support as a defined part of your operations, not hidden overhead.
- Retain commercial flexibility: As a per-server add-on, you decide how and where to enable it across your services.
- Protect production workloads already in place: Secure active sites running older PHP versions without disrupting them.
Extended PHP Support introduces a controlled middle ground between forced upgrades and running unsupported PHP without security patches.
How to Enable Extended PHP Support
To enable Extended PHP Support:
Step 1: Confirm eligibility
Only servers that meet these criteria are eligible:
- Server runs cPanel & WHM v110 or later (initially introduced in v134, with backports to v110, 126, 130, and 132)
- Active paid cPanel & WHM license
- Not a Trial or DNS-Only license
- Not running CloudLinux OS
Step 2: Purchase the add-on
Purchase “Extended PHP Support (PHP ELS)” via cPanel Store or manage2 for the server’s licensed IP. Accept the TuxCare EULA.
The license is IP-based and server-wide. One license covers all PHP sites on that server.
Step 3: Install the secured PHP builds
After purchase, the secured PHP builds are installed on the server within a few minutes. Websites are not switched automatically. You can then switch sites to the secured PHP versions.
Step 4: Switch sites to secured PHP builds
In WHM (PHP Manager or EasyApache), identify sites running outdated PHP and move them to secured builds for versions 5.6–8.1.
Applications continue running on the same PHP version. Only the underlying build is patched.
Where PHP ELS Fits in Your Long-Term Roadmap
Once PHP ELS is enabled, the secured PHP builds are installed on the server. The next step is to move sites from outdated PHP versions to the secured PHP builds in WHM.
That gives you a more secure foundation without forcing an immediate version upgrade. From there, what matters is how you use that time.
Treat PHP ELS as a bridge. Use it to plan upgrades for legacy applications based on priority and effort. Track where extended support is being used. Identify clusters of legacy usage and plan modernization accordingly.
Communicate clearly with customers or internal teams. Extended support reduces risk today while upgrades are planned responsibly. Extended PHP Support gives you control, but its value depends on how intentionally you use it.
Secure what is running, plan what comes next, and move forward on your terms.
