PHP 5.6 will NOT receive security updates after 31 Dec 2018 (in days).
PHP 7.0 will NOT receive security updates after 3 Dec 2018 (in days).
PHP 7.1 will receive security updates until 1 Dec 2019.
PHP 7.2 will receive security updates until 30 Nov 2020.
PHP 7.3 will receive security updates until 6 Dec 2021.
Your web server or host may disable the version header. There are other ways you can find out:
If your software supports 7.x, it can be as simple as upgrading the package on your server. Check out a guide for your specific operating system on how to do this. For example, here is how to do it for Ubuntu.
If your software contains 5.x-only features, you will need to update your software. Hiring a developer (contains a guide on some of the things to look out for when migrating. Virtually all frameworks support PHP 7.x so upgrading is a matter of updating the glue code.) will allow you to get the benefits from the latest PHP version. The official website
PHP 7.x ships using the PHPNG engine, giving drastic improvements in speed and CPU usage. This makes the whole site more responsive and search engines, like Google, use page speed in their ranking algorithm.
This benchmark from Kinsta.com shows the improvements to requests/second for WordPress:
Phoronix ran PHPBench on different versions and found this:
One of my clients upgraded their PHP application in 2016 and saw this kind of CPU usage drop:
This has the potential to reduce server requirements, and therefore costs.
PHP doesn't have the best track record when it comes to security vulnerabilities. When a version reaches end of life status, it stops getting future security updates. This can present a risk to both yourself, and your users. All it takes is someone holding on to a 0-day exploit for everyone to have a very bad time.
Each minor version bump in PHP comes with new language features that allow for more terse, expressive code.