Hardware: VPS bought online YunoHost version: 4.4.2 I have access to my server : Through SSH Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Hi guys,
just noticed I get a warning inside the WordPress dashboard that my installation is running on an end-of-life version of PHP (7.3). Would love to update it to PHP 8. Any experience with that?
I think the default php version changed with YunoHost 11.
The other way is to raise a ticket on wordpress_ynh repo to ask the maintener to change the used version. Each app using PHP decide which version to use, and it is better to change it for everyone than to just do it on your server
FYI Wordpress is annoyingly displaying spooky warnings about the PHP version as if it’s such a big deal. Last time this happens I complained that this is bullshit, so let me reiterate this here …
PHP7.3 is still somewhat “recent” (i mean, compared to for example, ffsync and mailman2 still using Python 2 for example) and reached end of life “only” 1 or 2 years ago (depends on how you define the end of line considering Debian Buster became old stable 1 year ago, etc…). The whole situation is also related to the somewhat ridiculously small life cycle of PHP release (something like 3 years maybe ? so by the time it reaches Debian stable it gets only 2 years of support left, or even less)
Debian Bullseye “only” ships PHP 7.4 by default (though you can get 8.x via Sury which is now configured in Yunohost installs by default too…) but anyway, if Wordpress is not satisfied with PHP 7.4, that’s bullshit.
If you are concerned with the security of your wordpress, using the last top-notch version of PHP is not on the top 3 of priorities. The top 3 includes : not using any shitty untrusted addon, keeping Wordpress itself up to date, making sure that you’re using a decent password and that fail2ban is configured to block brute force attempts on wordpress.
Edit: not meaning that using a recent version doesn’t improve security, but imho that kind of spooky warning create both false sense of insecurity and false sense of security. Just because your microwave is old doesn’t mean a thief can enter your house, and just because you buy a new one doesn’t mean there’s still some window open in your house for the thief to use …
Wordpress says that 7.4 would be fine but I see that in a few months it’s also reaching end of life. Also, completely agree with you, those are the actual weak points of every Wordpress install. I’ll still look into solving it for the sake of my clients.