For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued.
Web hosts and web developers across the net have now lost another reason not to upgrade their development and support environments to current generation tools. With PHP 5 offering a viable upgrade path for the last few years, the recommendation is for addministrators and developers is to move to the PHP 5 platform (if they haven't already done so), which is currently at 5.2.6. PHP 4 developers that have not previously been introduced to PHP 5 may find that some code will need to be refactored, but a well-designed application will need fairly minimal tinkering to function with the new version.
With eight years of legacy code out there, it is likely that there are going to be a fairly large number of systems that will not migrate to PHP 5 in the near future, and a reasonable proportion of those that will not make the migration at all. For those who are not able to migrate their systems to the new version of PHP noted PHP security expert, Stefan Esser, will continue to provide third party security patching for the PHP 4 line through his Suhosin product.
This will only buy developers and administrators a few months of time, as Stefan will end incorporating security updates for PHP 4 at the end of 2008.
If for no other reason, the lack of ongoing security patch support for the platform should be enough reason for developers and administrators to make the switch to PHP 5 and look at limiting the number of PHP 4 systems that are outward facing on any network. If you haven't started a migration plan or even looking at what might need to be done, now is the time to do so. If you already have a plan in action, it is important to try and have it completed prior to the end of third party security support for the platform (i.e. the end of the year would be a good time).