-1

I was told that a current wordpress version requires php 7.2 or newer. Is that true? Or to put it another way: to what extent is it mandatory to use php 7.2 for Wordpress? Are there any safety reasons? Isn't php 7.0 enough? Wordpress reads that they require php 7.2. > Wordpress Recommendations

Destroyica
  • 4,147
  • 3
  • 33
  • 50
eins7eins
  • 29
  • 5

1 Answers1

3

No, the article you linked clearly states the following:

We recommend your host supports:

  • PHP 7.2 or greater

If you are in a legacy environment where you only have older PHP or MySQL versions, WordPress also works with PHP 5.2.4+ and MySQL 5.0+, but these versions have reached official End Of Life and as such may expose your site to security vulnerabilities.

As you can see, WordPress will work even with PHP 5.2 and PHP 5.3, etc., but it is recommended to use recent versions instead.

Timo Tijhof
  • 10,032
  • 6
  • 34
  • 48
MechMK1
  • 3,278
  • 7
  • 37
  • 55
  • thank you for your answer. But my question was: isn't php version 7.0 enough? Why shall I use php 7.2 at this moment? Or why php 7.1. For me it is clear, that I use php 7.0. But not why I should use php 7.1 or php 7.2. Do you or does other has some apt reasons? – eins7eins Jan 12 '18 at 19:48
  • 1
    If you desire, you can look through [the changelog](https://secure.php.net/ChangeLog-7.php) to see how many security relevant vulnerabilities have been patched since the release of 7.0. In general, it's recommended to stay with the latest stable release. – MechMK1 Jan 12 '18 at 20:11
  • Thank you David, especially for the changlog-Link! I am not sure but not every bugfix has automatically a security reason... And 'stable' does this means security patches? – eins7eins Jan 12 '18 at 21:13
  • I ask because quite a lot of server which work with longterm operating systems has not the possibility to upgarde any php version immediately. So are they automatically insecure? – eins7eins Jan 12 '18 at 21:15
  • 1
    It's difficult to make a blanket statement here. Some servers implement so-called "backport" patches, which apply security fixes, but don't add new functionality. I would highly recommend you to ask this question specifically in [security.se]. – MechMK1 Jan 13 '18 at 12:33