two-factor
Keep the requirements at PHP 5.6 and WP 4.6 until we have a practical reason
What?
Reverts #625.
Why?
Although we want users to upgrade their PHP and WP, the plugin code currently supports PHP 5.6+ and WP 4.6 so we keep those requirements until we've given plenty of notice that version 1.0.0 of this plugin will no longer support anything below 7.4 and a year old WP core.
How?
- Update README to include an official policy on the supported versions of PHP and WP core.
- Use the upgrade notice up until version 1.0.0 to inform users about the upcoming enforcement.
Testing Instructions
Screenshots or screencast
Changelog Entry
Added - New feature. Changed - Existing functionality. Deprecated - Soon-to-be removed feature. Removed - Feature. Fixed - Bug fix. Security - Vulnerability.
I don't personally support this, as there's no reasoning given to retain it.
Please ensure that the testing pipeline is updated in line with this, but please keep a maintainable test runner. That's one of the main reasons for the increase, the inability to test with ancient versions.
So if you're looking at it from a practical point of view; AFAICT no-one tests the plugin with old PHP / WPs, and I definitely do not care about them. Practically so few of them will update.
If you're looking at it from a usage point of view, I think it makes sense to follow Core's "Less than 5% usage is time to move on from it" which per https://github.com/WordPress/two-factor/pull/640#issuecomment-2360006532 we're well past.
Duplicating the relevant part here:
I did some digging for stat data for you, for 0.9.x of the plugin:
- the PHP bump will affect 0.15% of users (1% If we include users of < 0.9)
- the WP bump will affect 2.6% of 0.9.1 users (A singular site somewhere is using 0.9.0 + WP 6.2 according to the data, and nothing lower)
From version 1.0.0, this plugin will support WordPress versions up to one year old and the minimum PHP version they require.
I can support this, although I'd prefer a much more aggressive support deprecation. As of today, -1 year would mean WordPress 6.3 / PHP 7.0. I'd prefer that each x.y version simply support the last major WordPress and its associated requirements. If there's a security update required to the plugin, that can be backported.
My reasoning is that WordPress.org plugins usage data suggests that the majority of plugin users run up-to-date WordPress (likely thanks to hosts and core auto-updates) and outdated plugins. It's much more rare for a recently updated plugin to be used on an older site.
I'd prefer that each x.y version simply support the last major WordPress and its associated requirements.
This matches my general preference and one in which we've mostly put in place at 10up (though we tend to use WP-2 so two versions back and not just 1).
Thank you all for providing perspective and input. Let's keep the dependency bumps as is.