Volunteers from the WordPress development community have proposed that users of potentially vulnerable PHP versions should upgrade. A concerning number of WordPress users currently utilize PHP versions that no longer receive security updates.
## WordPress Addresses the 61.6% of Users on Unsupported PHP Versions
PHP, the scripting language that runs WordPress, is currently on version 7.3.7. PHP is frequently updated to enhance efficiency and address security vulnerabilities, except for versions that have reached “End of Life” (EOL) status. PHP versions 5.6 and 7.0 reached EOL in December 2018.
Only 38.5% of WordPress sites run on an up-to-date version of PHP. PHP version 7.1 is set to reach EOL in December 2019. Official statistics show that 45.3% of WordPress users still use PHP versions 5.6 and 7.0, and an additional 16.3% use versions even older than 5.6. This totals 61.6% of WordPress users operating on versions of PHP that no longer receive security updates.
## 61.6% of WordPress Users are Vulnerable
This means that 61.6% of WordPress sites are potentially vulnerable to hacking. The proposal from WordPress aims to get all out-of-date PHP users to upgrade by displaying a nag screen to alert them. This will affect users of PHP versions 5.6 and below, as well as those still on version 7.0.
### Proposed Timeline
1. Display a PHP update widget for PHP 5.6 users. This will alert anyone using PHP 5.6 or below on WordPress 5.1+ to upgrade their PHP version.
2. Extend the update widget to users of PHP 7.0 and below.
3. Based on support and statistics from the previous steps, there will be a discussion on whether to display the update widget for PHP 7.1 users or directly increase the minimum required version to PHP 7.2.
### WordPress Proposal for Nag Screen Widget
The official proposal includes showing a nag screen to users, urging them to upgrade their PHP.
Here’s an excerpt from the official announcement:
“I would like to propose we trigger displaying the PHP update widget for users of PHP 5.6 in WordPress.”
At the time of writing, WordPress stats show:
- PHP 5.6 has a usage share of 29.1%
- PHP 7.0 has a usage share of 16.2%
- PHP 7.1 has a usage share of 13.2%
The suggestion is to start showing the update recommendation to users of PHP 5.6 or lower on August 5, 2019, so the initial nag screens may appear as soon as that date. Warnings for PHP 7.0 users will be announced later, and their timing will depend on adoption rates and support load from the initial updates.
Read the official discussion for more details on the proposal to increase the recommended PHP version in WordPress.