The WordPress security team has announced that it will end support for versions 3.7 through 4.0 on December 1, 2022. To give you an idea of how old these versions are, in 2013 WordPress 3.7 introduced automatic background updates, and 3.8 updated the admin screens with a new look. Based on the MP6 plugin.
The official WordPress policy is that the security team only provides support for the latest versions, but as a courtesy we have extended backport security fixes to older versions that can receive automatic updates.
“Historically, these courteous backports included all versions of WordPress that support automatic updates,” said Peter Wilson, member of the 10up-sponsored security team. “Versions WordPress 3.7 to 4.0 have reached usage levels, i.e. less than 1% of his total installs, and the benefits of providing these updates outweigh the effort involved.”
Over half of all WordPress sites are on the latest version 6.0 or higher (54.3%), and over 99% of sites on older versions will continue to receive security updates after this change. Wilson said the decision to end support for 3.7 to 4.0 was based on information reported on the stats page.
“The impact of this imbalance is that security teams spend most of their time preparing backports for very few WordPress installations,” said Wilson. “By dropping support for these older versions, newer versions of WordPress will be more secure, allowing us to spend more time focusing on our needs.”
Over the next three months, versions 4.0 and earlier will receive their final update and display a notification on their dashboard that they cannot ignore advising users to upgrade to the latest version as their site will no longer receive security updates. To do.