It has been announced by WordPress development volunteers to urge users to upgrade their potentially vulnerable versions of PHP. The reason being, still a lot of WordPress users are using PHP versions that do not receive security updates. And everyone knows that PHP is the underlying script language that is run on WordPress. And the most recent PHP version is 7.3.7.
PHP constantly updates itself to ensure that it remains efficient and helps to patch up security issues. However, this does not apply for versions that have reached “End of Life” (EOL) status. Please note that PHP versions 5.6 & 7.0 reached the end of life in December 2018. You should also note that PHP version 7.1 will cease its support in the upcoming December 2019. This makes it very imperative for you, especially if you are conducting PHP web development.
There is research presented on the official WordPress website which showcases that 45.3% of WordPress publishers are running their sites on PHP versions 5.6 & 7.0. You will also be surprised to note that another 16.3% of WordPress publishers are using versions that are older than 5.6. So, if you total that up, it comes to 61.6% of WordPress publishers that are employing PHP versions that are no longer receiving security updates.
Note: There are a total of 38.5% sites that are employing valid PHP + 61.6% that are using outdated versions of PHP = 100.1%. These numbers are coming from WordPress.
So, the crux of the matter is there are still 61.6% users who are vulnerable to hacking events. WordPress has proposed to get all the outdated PHP users to update their PHP version by employing the nag screen. This includes users who are using WordPress 5.6 and below, and those who are still employing version 7.0.
WordPress has suggested a timeline to get this problem sorted. According to the proposal,
The company plans to depict the PHP update widget for PHP 5.6. This will automatically trigger the widget for the users who are employing PHP 5.6 or below on top of WordPress 5.1+ in their dashboards. It will send a warning and recommendation to update the version of PHP.
There will also be a PHP update widget present for the users who have been using PHP 7.0 and below.
Based on the support and stats received for points 1 & 2, WordPress will then hold a discussion to determine whether the next step should be to depict the PHP update widget for PHP 7.1 or directly prompt users to update to PHP 7.2 as a minimum requirement.
WordPress has proposed a nag screen widget to display. Through this screen, the users will be urged to upgrade their PHP.
Let’s now look at how the official announcement looks like:
“I would like to propose we trigger displaying the PHP update widget for users of PHP 5.6 in WordPress.
At the time of writing, the WordPress stats show that:
PHP 5.6 has a usage share of 29.1%
PHP 7.0 has a usage share of 16.2%
PHP 7.1 has a usage share of 13.2%.”
The first nag screen has already started to show up on August 5th, 2019. Subsequent nag screens will be added at a later date.
The proposed timeline looks like this:
“We suggest to start showing the update recommendation for users of PHP 5.6 or lower starting August 5th, the timeline for showing the warning to PHP 7.0 users will be announced in a followup post, and relies on factors like support load, and adoption rate from the previous increase.”
If you wish to create a creative WordPress website, get in touch with a reputed WordPress development company today!