[jwat0v]

I don't know if it's shameful but it's expected.

Of those PHP websites, most of them are probably wordpress. How many of those haven't been updated in ages?

That's way more dangerous than running PHP 5, taking into account all distros will backport security fixes for years to come.

[uses]

Probably worth noting that WP is planning on requiring PHP 7 by the end of 2019 https://make.wordpress.org/core/2018/12/08/updating-the-mini...

[piotrkubisa]

Yes, that's true you can find many web sites using Wordpress, or other popular CMSes like Joomla, forum boards i.e. phpBB or even e-commerce stores based on OpenCart / ZenCart / Prestashop haven't seen an update for a quite long time. Personally, I'd be glad to offer my free time to help i.e. update Wordpress (recent versions has auto-update feature) or even migrate to static-site, especially whether I am returning user of such website.

[antsar]

The hard part isn’t updating. It’s checking what got broken by the update, and fixing that. Then finding out one of the plugins is no longer supported, researching alternatives, and rebuilding half the site to use a new thing.

[piotrkubisa]

Tip: static analysis tools for PHP helped me during a rewrite from 5.6 to 7.0. It was really good experience, I'd say.

[antsar]

Same here. Sadly, I don't know of any static analysis tools that can detect inter-compatibility of different versions of WordPress plugins/themes/core. That's one aspect of WordPress maintenance that can get real hairy.

[simion314]

From my experience WP autoupdates

Do you expect all node small and medium completed projects run on latest node?

[corobo]

WordPress core autoupdates. Plugins will happily remain exploitable for years if you're not on top of their security updates.