Well, the PHP core developers, since 5.6 if I recall correctly, engaged warp speed in terms of releasing new versions — and deprecating older ones.
It is expected that vendors using PHP stick to support only current versions of PHP. There is a limit to how back in time a company is able to support outdated versions.
I know perfectly well how ISPs are (I used to run one ?? ) and many of them often lag behind horribly with PHP versions (and pretty much everything else). A very popular one (with millions of WP websites), which shall remain unnamed, only last summer ‘decided’ to give 7.X a try, labelling it ‘experimental’ — they still required all their users to run PHP 5.6, which not only has far lower performance than 7 (not to mention 8!!), but has way too many unfixed security issues (since, well, it has been deprecated for several years…).
Your complaints, therefore, should be directed to your ISP, not to Automattic. 7.4 is deprecated — that means it reached its end of life, and, with that, it stopped receiving any fixes for security flaws (not to mention bugs). There is nothing that Automattic can do about that: supporting deprecated PHP versions — no matter how many people still use them! — and exposing users to whatever unpatched flaws are on 7.4 and earlier versions is not really security-conscious, and I can only agree with the decision of stopping support for deprecated, end-of-life PHP versions.
Sure, that means millions will complain — because they hardly managed to get their own ISPs/hosting providers to start giving access to the 7.X series. Alas — you made your option when picking a provider that only supports deprecated packages and is not willing to upgrade them. That should give you a good idea of the attitude such a provider has regarding their clients’ security… and should give you a pretext to think if you really wish to stick with such a provider.
