Opened 3 years ago
Last modified 11 months ago
#54338 new enhancement
Site Health dashboard: "insecure PHP"
Reported by: | JavierCasares | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Site Health | Keywords: | |
Focuses: | ui-copy | Cc: |
Description
Since WordPress 5.1, the WordPress dashboard has advice about the old PHP versions, and it says something like:
WordPress has detected that your site is running an insecure version of PHP.
This is really not accurate because it can be insecure or not. For example, in a few days we will have PHP 8.1, so PHP 7.3 will be end-of-life, but this doesn't really mean that will be insecure by default.
Maybe is more accurate, using the same words as PHP says in this case: "end of life".
PHP has 3 options:
- Active support: A release that is being actively supported. Reported bugs and security issues are fixed and regular point releases are made.
- Security fixes only: A release that is supported for critical security issues only. Releases are only made on an as-needed basis.
- End of life: A release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to unpatched security vulnerabilities.
Probably, a text like this will be better:
WordPress has detected that your site is running an end-of-life / no longer supported version of PHP.
WordPress has detected that your site is running an end-of-life version of PHP.
WordPress has detected that your site is running a no longer supported version of PHP.
Hi @JavierCasares, thanks for opening this ticket! I agree that the text could be made clearer and be directed more towards WordPress users.
For WordPress users, "no longer supported" may give the false impression that WordPress will no longer support that version of PHP.
A possible revision:
WordPress has detected that your site is running a version of PHP that will not receive updates that fix bugs or security issues.
WordPress has detected that your site is running a version of PHP that will continue to receive critical security updates but will not receive updates that fix bugs.