Insecure PHP Notice

by tnolen
/
Comment Closed

May 2021 – WordPress has a “Site Health” feature which makes recommendations about your host and site’s setup.   Recently, many users have been asking about a notice that they have seen in the dashboard starting that the server is running an insecure version of PHP and it should be upgraded.   This article addresses that notice.

The wording on those warnings is unfortunate. The servers displaying that are running Ubuntu 18.04 which is an LTS release (Long Term Support). The way Debian-based releases work (Ubuntu is Debian-based) is that they keep the versioning the same so as to guarantee compatibility throughout the life of the release, but they do patch the security issues. So, it is not actually an insecure release, but does behave has 7.2 PHP.  Most websites are currently on “shared servers” which are ones that house many sites. We run LTS releases because moving from PHP version to version frequently breaks *a lot*.  The newest sites being turned up have gone on 20.04 servers (and PHP 7.4 release), but there are currently issues with 7.4. For instance, email for forms, etc. does not support encryption like SSL or STARTTLS. We’re trying to get all of the bugs worked out of 7.4 before moving all of the servers up to the newest release and the usual schedule for doing that is in the 4th year of support – which in this case would be around April of 2022.

If you have any questions regarding this or if your site has a specific requirement for a PHP version greater than 7.2, please contact us at support@internetpro.net.