WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 3 months ago

#54338 new enhancement

Site Health dashboard: "insecure PHP"

Reported by: JavierCasares Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Site Health Keywords:
Focuses: ui-copy Cc:

Description

Since WordPress 5.1, the WordPress dashboard has advice about the old PHP versions, and it says something like:

WordPress has detected that your site is running an insecure version of PHP.

This is really not accurate because it can be insecure or not. For example, in a few days we will have PHP 8.1, so PHP 7.3 will be end-of-life, but this doesn't really mean that will be insecure by default.

Maybe is more accurate, using the same words as PHP says in this case: "end of life".

PHP has 3 options:

  • Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
  • Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
  • End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.

Probably, a text like this will be better:

WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.

WordPress has detected that your site is running an end-of-life version of PHP.

WordPress has detected that your site is running a no longer supported version of PHP.

Change History (1)

#1 @costdev
3 months ago

Hi @JavierCasares, thanks for opening this ticket! I agree that the text could be made clearer and be directed more towards WordPress users.

WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.
WordPress has detected that your site is running an end-of-life version of PHP.
WordPress has detected that your site is running a no longer supported version of PHP.

For WordPress users, "no longer supported" may give the false impression that WordPress will no longer support that version of PHP.

A possible revision:

WordPress has detected that your site is running a version of PHP that will not receive updates that fix bugs or security issues.

WordPress has detected that your site is running a version of PHP that will continue to receive critical security updates but will not receive updates that fix bugs.

Note: See TracTickets for help on using tickets.