WordPress Drops Security Support for Older Installations
20 September 2022. minute read
WordPress warned customers to update to the most recent versions as it would stop providing security updates for versions 3.7 through 4.0 by December 2022.
WordPress warned customers to update to the most recent versions as it would stop providing security updates for versions 3.7 through 4.0 by December 2022.
For installations using versions 3.7 to 4.0, WordPress issued a three-month warning that it is stopping all security updates. A permanent notification that cannot be ignored will be displayed on the impacted installations.
WordPress installations that are outdated
Beginning on December 1, 2022, security updates for WordPress versions 3.7 through 4.0 will stop.
After the support for these outdated versions of WordPress ends, anyone still using them exposes their websites to hacking attacks.
The WordPress core development team claims that by not having to maintain security support for earlier versions, they can concentrate more effectively on updating the most recent versions.
According to the WordPress announcement:
“Officially WordPress only provides support for the latest version of the software.
The Security team historically has a practice of backporting security fixes as a courtesy to sites on older versions in the expectation the sites will be automatically updated.
Until now, these courtesy backports have included all versions of WordPress supporting automatic updates.
Versions WordPress 3.7 – 4.0 have reached levels of usage, namely less than 1% of total installs, where the benefit of providing these updates is outweighed by the effort involved.
…By dropping support for these older versions, the newer versions of WordPress will become more secure as more time can be focused on their needs.”
To which version ought publishers to update?
Publishers are advised by WordPress to update to the most recent installation, which is 6.0.2 right now.
However, WordPress will continue to offer security support for the 2015-released version 4.01 of the software.
This means that publishers using previous versions of WordPress could upgrade to 4.01 in order to prevent the use of outdated themes, plugins, or PHP versions from causing instability on their websites.
However, WordPress does not advise doing this because hardening upgrades are not backported to older versions, whereas security updates are.
Security updates are patches created to prevent a certain set of serious vulnerabilities.
Some people think that forcing users of previous versions of WordPress to update to the most recent version can be seen as hazardous because it could lead to a website that isn't functional.