Making WordPress.org

Opened 10 months ago

Last modified 10 months ago

#7139 new enhancement

Add a "Security Supported" statistic to stats page

Reported by: benniledl's profile benniledl Owned by:
Milestone: Priority: normal
Component: WordPress.org Site Keywords: 2nd-opinion
Cc:

Description

WordPress has great security/bugfixes support for old versions, the version 4.1 which was first released December 2014 has just recently gotten a security and bug fix release: https://wordpress.org/documentation/wordpress-version/version-4-1-38/
Adding a graph that shows how many of the active WordPress installations still have security support would really show how good WordPress is for website creators in the long run.

Inspiration: https://www.t3versions.com/statistics-detail/20
The site in question: https://wordpress.org/about/stats/

Attachments (2)

patch-js.diff (190 bytes) - added by benniledl 10 months ago.
suggestion
patch-php.diff (722 bytes) - added by benniledl 10 months ago.
suggestion

Download all attachments as: .zip

Change History (6)

@benniledl
10 months ago

suggestion

@benniledl
10 months ago

suggestion

#1 @dufresnesteven
10 months ago

Adding a graph that shows how many of the active WordPress installations still have security support would really show how good WordPress is for website creators in the long run.

I think showing the number of historical security fixes would have the opposite effect.

#2 follow-ups: @benniledl
10 months ago

Hi @dufresnesteven
I wouldn't want to show the number of security fixes but what % of active WordPress installations would still get security fixes if there was a problem.

#3 in reply to: ↑ 2 @dufresnesteven
10 months ago

Replying to benniledl:

Hi @dufresnesteven
I wouldn't want to show the number of security fixes but what % of active WordPress installations would still get security fixes if there was a problem.

yeah, I understand that but we should always incentivize upgrades to the latest version. So for me, I don't know what this stat is communicating other than there were vulnerabilities in previous versions.

#4 in reply to: ↑ 2 @dd32
10 months ago

Replying to benniledl:

I wouldn't want to show the number of security fixes but what % of active WordPress installations would still get security fixes if there was a problem.

So, you'd be thinking something like 99.56% of known WordPress installations are currently receiving security updates?

Realistically that'd be better as just that static text with "Over 99%", and could probably stay like that for quite some time.

As noted on https://make.wordpress.org/security/2022/09/07/dropping-security-updates-for-wordpress-versions-3-7-through-4-0/ at the time WP <= 4.0 accounted for less than 1% of overall installations, today WP 4.1~6.2 accounts for close to 99.5%.

So... Adding the statistic is likely not beneficial for most people IMHO, and minor movements in the 99.xx% area is likely to cause the security team more issues (ie. When they drop support for WP 4.2~4.5 or something like that, it might drop from 99.8% to 99.1%). If we wanted to use it in some copy on PR/Marketing materials it'd have a better impact just saying 'over 99%'.

Note: See TracTickets for help on using tickets.