在「Why We’re Still Seeing PHP 5.3 In The Wild (Or: PHP Versions, A History)」這邊看到一些有趣的統計資料,雖然是 2015 的舊文章,但因為統計資料是公開的,可以透過同樣方式抓到現在的情況。
作者在 2015 年七月 (大約是月底) 的數字是:
$ curl http://api.wordpress.org/stats/php/1.0/ | jq '.'
{
"5.2": 13.603,
"5.3": 32.849,
"5.4": 40.1,
"5.5": 9.909,
"5.6": 3.538
}
剛剛跑的數字是:
$ curl -s https://api.wordpress.org/stats/php/1.0/ | jq .
{
"7.0": 0.423,
"5.6": 12.429,
"5.5": 17.188,
"5.4": 35.824,
"5.3": 24.754,
"5.2": 9.382
}
可以看到即使是 2016 年的現在,PHP 5.3 與 PHP 5.4 還是超級大宗,但都已經沒有安全性更新了。
作者猜測 shared hosting 在 WordPress 佔的比重還是很大,而大多數的 shared hosting 商不太管這個,架完後就放著跑沒打算升級了...
WordPress 應該強硬一點啊,在「Requirements」這邊這樣寫怎麼會有 hosting 商想升級:
Note: If you are in a legacy environment where you only have older PHP or MySQL versions, WordPress also works with PHP 5.2.4+ and MySQL 5.0+, but these versions have reached official End Of Life and as such may expose your site to security vulnerabilities.
就「會動」啊...