WordPress To Drop Security Updates for Versions 3.7 Through 4.0 by December, 2022
WordPress’ Safety Group announced it is going to be dropping assist for variations 3.7 via 4.0 on December 1, 2022. To offer some context for the way previous these variations are, in 2013, WordPress 3.7 introduced automatic background updates and 3.8 updated the admin with a brand new design based on the MP6 plugin.
WordPress’ official coverage is that the safety staff solely offers assist for the latest model, however as a courtesy has prolonged backporting safety fixes to older variations which are in a position to obtain computerized updates.
“Till now, these courtesy backports have included all variations of WordPress supporting computerized updates,” 10up-sponsored Safety Group member Peter Wilson mentioned. “Variations WordPress 3.7 – 4.0 have reached ranges of utilization, particularly less than 1% of total installs, the place the advantage of offering these updates is outweighed by the hassle concerned.”
Greater than half of all WordPress websites are on the most recent model – 6.0+ (54.3%), and safety updates will nonetheless be obtainable to greater than 99% of websites on older variations after this modification. Wilson mentioned the choice to drop assist for 3.7 via 4.0 was based mostly off the knowledge reported on the statistics web page.
“The impact of this imbalance signifies that the Safety staff spends more often than not getting ready backports for the huge minority of WordPress installations,” Wilson mentioned. “By dropping assist for these older variations, the newer variations of WordPress will change into safer as extra time could be centered on their wants.”
Over the following three months, variations 4.0 and older will obtain their last updates and also will show a non-dismissible discover within the dashboard, advising customers to improve to the most recent model as their websites will not obtain safety updates.