Change PHP version of WordPress app

My YunoHost server

Hardware: VPS bought online
YunoHost version: 4.4.2
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hi guys,

just noticed I get a warning inside the WordPress dashboard that my installation is running on an end-of-life version of PHP (7.3). Would love to update it to PHP 8. Any experience with that?

Hope you’re having a nice weekend.
Cheers

I think the default php version changed with YunoHost 11.

The other way is to raise a ticket on wordpress_ynh repo to ask the maintener to change the used version. Each app using PHP decide which version to use, and it is better to change it for everyone than to just do it on your server :slightly_smiling_face:

1 Like

I don’t feel comfortable upgrading just yet. Feels a bit risky but will look into it when I get a day free. Thanks for the hint.

1 Like

Duplicate of this topic : Change PHP version of WordPress app - #2 by Mamie

See this comment : Wordpress needs a higher php version since 7.3 is insecure - Wordpress a besoin d’une version php plus élevée puisque 7.3 n’est pas sécurisé - #2 by Lapineige
Wordpress app already use a more recent Yunohost version. You might upgrade yours.

1 Like

I only have 7.3 and 8.0 available on my installation. All apps are upgraded. Guess I need to upgrade to Yunohost 11.

FYI Wordpress is annoyingly displaying spooky warnings about the PHP version as if it’s such a big deal. Last time this happens I complained that this is bullshit, so let me reiterate this here …

PHP7.3 is still somewhat “recent” (i mean, compared to for example, ffsync and mailman2 still using Python 2 for example) and reached end of life “only” 1 or 2 years ago (depends on how you define the end of line considering Debian Buster became old stable 1 year ago, etc…). The whole situation is also related to the somewhat ridiculously small life cycle of PHP release (something like 3 years maybe ? so by the time it reaches Debian stable it gets only 2 years of support left, or even less)

Debian Bullseye “only” ships PHP 7.4 by default (though you can get 8.x via Sury which is now configured in Yunohost installs by default too…) but anyway, if Wordpress is not satisfied with PHP 7.4, that’s bullshit.

If you are concerned with the security of your wordpress, using the last top-notch version of PHP is not on the top 3 of priorities. The top 3 includes : not using any shitty untrusted addon, keeping Wordpress itself up to date, making sure that you’re using a decent password and that fail2ban is configured to block brute force attempts on wordpress.

Edit: not meaning that using a recent version doesn’t improve security, but imho that kind of spooky warning create both false sense of insecurity and false sense of security. Just because your microwave is old doesn’t mean a thief can enter your house, and just because you buy a new one doesn’t mean there’s still some window open in your house for the thief to use …

3 Likes

Wordpress says that 7.4 would be fine but I see that in a few months it’s also reaching end of life. Also, completely agree with you, those are the actual weak points of every Wordpress install. I’ll still look into solving it for the sake of my clients.

Thanks so much for the input!

FYI, here is this branch who need testing.

It adds the following changes:

  • Upgrade to 6.0.1
  • Upgrade to PHP8.0
sudo yunohost app upgrade wordpress -u https://github.com/YunoHost-Apps/wordpress_ynh/tree/6.0
3 Likes

A few months is fairly enough for Wordpress Yunohost app to be upgrade to php8… because it’s already ongoing :slightly_smiling_face:

2 Likes

To remove the stupid message from Wordpress:

function remove_stupid_php_nag() {
	remove_meta_box( 'dashboard_php_nag', 'dashboard', 'normal' );
}
add_action( 'wp_dashboard_setup', 'remove_stupid_php_nag' );
2 Likes