1. The PHP version is NOT insecure as long as the server is updated.
2. On Redhat, updates to the core PHP version generally happen faster than the non-core releases of PHP.

This new ‘notice’ presents false information to my clients and further, makes us look bad to the client. Please remove that notice. It is blatantly false. Or please also check Redhats recent ‘secure’ version so as not to display this false notice.

Thanks.

So that may be the case for security patches (thee’s a lot of distros out there, so it would be unreasonable to put in special rules for them all, but you as a host can change the details of the notice so that customers will land on your site and can read the details as you describe them.

It’s worth noting that if they are seeing the warnign now, that means they are using a PHP version lower than 5.6, and even though they are getting security backports, WordPress is raising it’s PHP minimum requirement to 5.6 come April of this year if al goes as planned. This means your users would then be left behind, as this is about features, not security patches.

So, whether or not your Redhat stable version is “secure” or not isn’t the point. In the near future, probably sometime this year, WordPress will be non-functional on older PHP versions. So yes, you, or your host, or possibly even Redhat, need to reconsider this policy of what is “Stable” or not.

New PHP versions bring in not only security patches, but new language features as well as vast speed improvements. And I do mean “vast”. PHP 7 is twice as fast as PHP 5.6, and many more times faster than any older version.

It is well past time to update these underlying systems that comprise the building blocks of the internet.

Please fix this.