· Vimal Hari · Web Development · 10 min read
Laravel Upgrade Cost UK: What It Takes to Get Current (2026)
What a Laravel upgrade actually costs a UK business in 2026 — where the supported line sits today, why the framework hop is the cheap part, what really drives the bill, and honest £ ranges from a Slough-based Laravel company.

Here is the short version. If your Laravel app is maintained and you are one major version behind, upgrading is a maintenance task, not a project — Laravel’s own upgrade guide estimates ten minutes of work, and the tooling to automate it costs $19. If your app has sat on an end-of-life release for two or three years, the framework hop is still not the expensive part. The expensive part is what the hop exposes: abandoned packages, a PHP floor that moved underneath you, and — decisively — the tests you never wrote.
That gap is why “how much does a Laravel upgrade cost?” gets such wildly different answers. They are two different products wearing the same name. This guide separates them, using Laravel’s published dates rather than vibes.
Where the supported line actually sits
Laravel’s policy is published and unambiguous: “For all Laravel releases, bug fixes are provided for 18 months and security fixes are provided for 2 years.” Majors land roughly every Q1. There is no LTS track any more — the longer policy applied to Laravel 6, and every modern release gets the uniform 18 months and 2 years. If someone offers you an “LTS version” to settle on, they are describing something that does not exist.
Laravel’s own support table, dates verbatim from the 13.x release notes:
| Version | PHP | Released | Bug fixes until | Security fixes until |
|---|---|---|---|---|
| Laravel 10 | 8.1 – 8.3 | 14 Feb 2023 | 6 Aug 2024 | 4 Feb 2025 |
| Laravel 11 | 8.2 – 8.4 | 12 Mar 2024 | 3 Sep 2025 | 12 Mar 2026 |
| Laravel 12 | 8.2 – 8.5 | 24 Feb 2025 | 13 Aug 2026 | 24 Feb 2027 |
| Laravel 13 | 8.3 – 8.5 | 17 Mar 2026 | Q3 2027 | 17 Mar 2028 |
Read those dates against today (published 16 July 2026) and the picture is more awkward than most people assume:
- Laravel 10 stopped receiving security fixes on 4 February 2025 — no patches of any kind for over seventeen months.
- Laravel 11 stopped receiving security fixes on 12 March 2026. This is the one that catches UK businesses out. Laravel 11 still feels recent — it shipped in 2024, and plenty of agencies were still building on it last year — yet it now receives nothing at all.
- Laravel 12 is still in full bug-fix support, but only until 13 August 2026 — under a month away. After that, security fixes only, to 24 February 2027.
- Laravel 13 is current, with security cover to 17 March 2028 — the longest runway you can buy.
In practice: if you are on Laravel 10 or 11 today, a newly disclosed framework vulnerability does not get a patch for you. Not “gets one slowly” — does not get one. That is the security argument, and it needs no scaremongering.
The PHP problem sitting underneath
The framework is half of it. PHP runs its own clock: two years of active support, then two more of security fixes, per php.net.
| PHP | Released | Active support until | Security support until |
|---|---|---|---|
| 8.2 | 8 Dec 2022 | 31 Dec 2024 | 31 Dec 2026 |
| 8.3 | 23 Nov 2023 | 31 Dec 2025 | 31 Dec 2027 |
| 8.4 | 21 Nov 2024 | 31 Dec 2026 | 31 Dec 2028 |
| 8.5 | 20 Nov 2025 | 31 Dec 2027 | 31 Dec 2029 |
Two things fall out of that table that are easy to miss.
First: Laravel 13’s minimum PHP is 8.3 — and PHP 8.3’s active support ended on 31 December 2025. Meeting Laravel 13’s floor does not put you on a fully supported PHP; it puts you on a security-only branch that goes dark on 31 December 2027. If you are doing the work anyway, target 8.4 or 8.5.
Second: the double deadline. A Laravel 12 app on PHP 8.2 — a common UK SME configuration — has two clocks expiring within five months of each other. Laravel 12 loses bug fixes on 13 August 2026; PHP 8.2 goes fully end-of-life on 31 December 2026. Budget once, not twice.
The hiring liability
The security case is obvious. The quieter cost is people. IT Jobs Watch shows a median contract rate around £450 per day for “PHP Developer” roles and £425 per day for roles citing Laravel in the six months to 15 July 2026 — but treat those with real caution. They rest on tiny samples (eleven quoted rates from thirteen Laravel ads; ten from fifteen PHP ads), and the noise shows: the two series moved in opposite directions year on year, and “Senior PHP Developer” reads lower than plain “PHP Developer”. They are advertised contractor rates — not what a UK company charges for an upgrade, and not a quote basis. PayScale puts the average UK PHP Developer salary at £38,698 (a self-reported aggregate, not an ONS figure).
The useful signal is not the number but the volume: PHP contract ads fell from 33 to 15 year on year. Whoever you hire onto a Laravel 8 codebase in 2027 comes from a smaller pool — and will want to modernise it as their first act anyway.
The two upgrades
Case one: the maintained app, one hop behind
This is genuinely cheap, and Laravel has worked hard to make it so. Their published estimates: five minutes for Laravel 11 → 12, ten minutes for 12 → 13, with the framing that “most Laravel applications may upgrade to Laravel 13 without changing much application code.”
Those are the vendor’s estimates for a clean, well-tested app, and they cover the framework hop only — not a project estimate. But they are directionally honest. For 11 → 12, the only high-impact items are updating your dependencies and the Laravel installer: no application code change at all. For 12 → 13, the high-impact list adds exactly one code change — CSRF middleware renamed from VerifyCsrfToken to PreventRequestForgery, now verifying request origin via the Sec-Fetch-Site header. The old names survive as deprecated aliases, so this mainly bites where you exclude the middleware explicitly (->withoutMiddleware([...]) in tests and routes).
If your app is in this state, do not let anyone sell you a project. It is a morning’s work and a regression run.
Case two: the end-of-life catch-up
This is where the money goes. An app on Laravel 8 must traverse every major sequentially to reach 13, and the framework changes at each hop are documented and finite. What is not finite — and what actually drives your bill:
- Third-party packages. The framework maintains backwards compatibility; your dependencies may not have a maintainer at all. Every abandoned package is a decision: replace, fork, or remove.
- The moving PHP floor. Laravel 13 requires PHP ≥ 8.3. The PHP jump can be a bigger job than the Laravel one.
- Carbon 2 → 3 at Laravel 12. Carbon 2.x support was removed, and date handling is everywhere in a business app.
- The quiet breakages. Laravel 13 depends on
symfony/polyfill-php85, which defines globalarray_first()/array_last()on PHP < 8.5 — conflicting withlaravel/helpersand custom global helpers, with different semantics (legacyarray_first()took a callback; the polyfill just returns the first element). Default cache prefixes and session cookie names switch underscores to hyphens, silently invalidating caches and sessions on apps relying on framework fallbacks. And MySQLDELETEwithJOIN,ORDER BYandLIMITcan now throw where it previously ran an unbounded delete — a bug fix that will look like a regression at 2am. - Test coverage — or its absence. The decisive one. Laravel’s per-hop estimates assume you hit only a portion of the documented changes and can prove it in seconds. With no test suite, every breaking change becomes open-ended manual regression testing across the whole application. Thin tests are what convert a checklist into a project.
None of the five is the framework.
Tooling: Shift, Boost, or hands-on
Laravel Shift is real, and Laravel’s own upgrade guide recommends it: “Shift is a community-maintained service that automates Laravel upgrades.” Pricing is in US dollars, billed per major-version hop: Laravel 5.0 through 11.x are $39 each, 12.x is $29, 13.x is $19, PreShift is free. Shift also sells Human Shifts — consulting hours from its operator at $350 for one hour, $950 for three, $2,500 for eight.
Because Shift bills per hop, tooling cost scales with how far behind you are. An app stranded on Laravel 8 needs 9.x + 10.x + 11.x + 12.x + 13.x — $165 of tooling by our arithmetic. Trivially cheap, and that is the point: automation is never the line item that hurts. The labour of fixing what each hop surfaces is the bill.
Laravel Boost is the 2026 development — a free, first-party MCP server. Laravel 13’s upgrade guide now documents “Upgrading Using AI”: install Boost (^2.0) in a Laravel 12 app and an /upgrade-laravel-v13 slash command runs guided upgrade prompts inside Claude Code, Cursor, OpenCode, Gemini or VS Code. The vendor now ships a free AI-assisted path for the current hop. Treat it as a documented first-party option, not a proven substitute for a developer — it still needs someone who can tell a real regression from a passing test.
Hands-on earns its place where neither can help: package replacement decisions, PHP migration, architectural calls, and the tests that make any of this verifiable.
What we charge
Straight numbers, all excluding VAT, consistent with our pricing page:
- Code and infrastructure audit: £2,500–£5,000, credited in full against remedial work. You own the written report, covering security posture, upgrade path, code quality and a cost forecast.
- Remediation: fixed-price, quoted after the audit. Not a day rate. We will not put a number on a multi-version catch-up before looking, because the number lives in your dependency list and your test coverage — and we have not seen either. Anyone quoting your Laravel 8 → 13 upgrade off a phone call is guessing.
- Ongoing ownership: from £6,000/month for a standing product team, or a documented handover to your own hire. Either is fine.
Audit-first is the only honest way to price the second case. Takeovers are covered on the Laravel rescue page; new builds start at £4,000–£12,000 for a Laravel MVP over on Laravel development.
Decision checklist
Run through these before you spend anything:
- What Laravel version are you on?
composer show laravel/framework. If it starts with 10 or 11, you receive no security patches today. - What PHP version?
php -v. If it is 8.2 or below, your hard deadline is 31 December 2026. - Do you have a test suite that passes? This answer moves the cost more than any other. Yes → case one. No → the first invoice should be for tests, not upgrades.
- How many majors behind are you? One → book a morning. Two → a scoped piece of work. Three or more → get an audit before anyone quotes.
- When did you last run
composer outdated? The packages with no release in two years are your real risk register. - Are you upgrading, or should you be rebuilding? Sometimes the honest answer is neither — if the app no longer matches the business, an upgrade preserves the wrong thing. We will say so if we think it.
Compounding is what matters most. Every year you skip adds a mandatory sequential hop, and each hop drags its own package breakage, PHP floor and regression surface with it. Laravel 11 was current two years ago and receives nothing today; Laravel 12 loses bug fixes next month. The cheapest upgrade you will ever do is the one you do while you are one version behind.
To find out which case you are in, get in touch with your Laravel version, your PHP version, and an honest answer about test coverage. Those three facts are usually enough for us to say whether you need a morning or an audit — and we would rather tell you it is a morning.



