WordPress drops security support for older installations


WordPress has issued a three-month warning that it will stop all security updates for older installations running versions 3.7-4.0. Affected installations will receive a permanent notification that cannot be ignored.

Old WordPress installation

WordPress versions 3.7-4.0 will not receive security updates after December 1, 2022.

Anyone using these older versions of WordPress will put their site at risk of being hacked after the last day of support.

Security support is being discontinued so that the core WordPress development team can focus on updating the latest version without the burden of keeping older versions up to date.

According to the WordPress announcement:

“Officially, WordPress only provides support for the latest versions of the software.

Security teams have historically had a practice of backporting security fixes as a courtesy to older versions of sites in hopes that the site will be automatically updated.

Until now, these courteous backports included all versions of WordPress that support automatic updates.

Versions WordPress 3.7 – 4.0 have reached usage level. That means less than 1% of total installs, and the benefits of providing these updates outweigh the effort involved.

…By dropping support for these older versions, newer versions of WordPress will be more secure, allowing you to spend more time focusing on your needs.”

What version should publishers update to?

WordPress advises publishers to update to the latest installation (currently version 6.0.2).

That said, WordPress will continue to provide security support for version 4.01 released in 2015.

This means that publishers using older versions of WordPress can upgrade to 4.01 to avoid website instability due to outdated themes, plugins, or PHP versions in use.

However, this is not recommended, because WordPress backports security updates to older versions but not hardening updates.

Security updates are patches designed to block specific critical vulnerabilities.

Hardening means updating the code to make it more secure.

Some believe that requiring users of older versions of WordPress to update to the latest version may be perceived as dangerous, as it may cause the website to stop working.

One commenter posted:

“Skipping eight years of new releases at once is a risky operation, and offering only that option may discourage many site owners from doing it. Are you going to hit the button and see if the 8-year update gets around the problem, or do you expect the best to the current version that has worked so far?”

Permanent notice

WordPress posted that installations running version 4.0 or earlier will show a notification within the WordPress installation, warning publishers that the version has been deprecated and no longer receives security updates, and encouraging them to update to the latest version.

Screenshot of WordPress update notification

Number of older versions still in use

According to WordPress statistics, the older versions impacted by this decision account for less than 1% of total installs.

Therefore, this change will not affect the majority of WordPress publishers.


Read the official announcement

Removal of security updates for WordPress versions 3.7 to 4.0

Featured image by Shutterstock/Luis Molinero

Screenshot by author

