Make WordPress Core

Opened 3 years ago

Last modified 11 months ago

#54338 new enhancement

Site Health dashboard: "insecure PHP"

Reported by: javiercasares's profile JavierCasares Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Site Health Keywords:
Focuses: ui-copy Cc:

Description

Since WordPress 5.1, the WordPress dashboard has advice about the old PHP versions, and it says something like:

WordPress has detected that your site is running an insecure version of PHP.

This is really not accurate because it can be insecure or not. For example, in a few days we will have PHP 8.1, so PHP 7.3 will be end-of-life, but this doesn't really mean that will be insecure by default.

Maybe is more accurate, using the same words as PHP says in this case: "end of life".

PHP has 3 options:

  • Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
  • Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
  • End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.

Probably, a text like this will be better:

WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.

WordPress has detected that your site is running an end-of-life version of PHP.

WordPress has detected that your site is running a no longer supported version of PHP.

Change History (9)

#1 @costdev
3 years ago

Hi @JavierCasares, thanks for opening this ticket! I agree that the text could be made clearer and be directed more towards WordPress users.

WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.
WordPress has detected that your site is running an end-of-life version of PHP.
WordPress has detected that your site is running a no longer supported version of PHP.

For WordPress users, "no longer supported" may give the false impression that WordPress will no longer support that version of PHP.

A possible revision:

WordPress has detected that your site is running a version of PHP that will not receive updates that fix bugs or security issues.

WordPress has detected that your site is running a version of PHP that will continue to receive critical security updates but will not receive updates that fix bugs.

This ticket was mentioned in Slack in #hosting-community by javier. View the logs.


2 years ago

This ticket was mentioned in Slack in #hosting-community by amykamala. View the logs.


2 years ago

This ticket was mentioned in Slack in #hosting-community by javier. View the logs.


2 years ago

This ticket was mentioned in Slack in #hosting-community by chaion07. View the logs.


2 years ago

This ticket was mentioned in Slack in #hosting-community by jadonn. View the logs.


2 years ago

This ticket was mentioned in Slack in #hosting by javier. View the logs.


11 months ago

This ticket was mentioned in Slack in #hosting by crixu. View the logs.


11 months ago

Note: See TracTickets for help on using tickets.