PHP 7.4 minimum. May 20, 2026. WordPress 6.9 frozen forever for stores still on PHP 7.2 or 7.3. WordPress 7.0 ships on Wednesday, May 20, 2026, and the release officially raises the minimum PHP version to 7.4, with PHP 8.3 recommended for best performance. Sites running PHP 7.2 or 7.3 will not receive the 7.0 update. They will stay on the 6.9 branch indefinitely.
That sounds like a routine version bump. It is not. WooCommerce 10.6.2 already shipped admin style updates the changelog explicitly describes as “in preparation for WordPress 7.0”, and the WooCommerce release cycle is now timed to WordPress majors. Stores stuck below PHP 7.4 are about to be exiled from the WooCommerce mainline at the exact moment Safari ITP, EU AI Act watermarking and DUAA exceptions are tightening.
What WooCommerce 10.7 Already Shipped That Frozen Stores Will Never See
WooCommerce 10.7 went out on April 14, 2026 with 175 PRs from 66 contributors — and the release notes single out security and tracking work that depends on the WordPress 7.0 admin pattern going forward.
Three changes matter most for tracking integrity:
- XSS hardening on the v4 REST API order notes endpoint via wp_kses_post. This is the endpoint third-party pixel and CRM integrations use to read order metadata. Hardening it is a data-integrity fix.
- CSRF validation on product and term ordering AJAX. Closes a vector that could corrupt category order — which, for stores using category-based feeds for Google Merchant or Facebook catalog, corrupts the feed.
- The typed Fulfillments API exposing $fulfillment->get_tracking_number(), $fulfillment->set_shipping_provider() and a wc_fulfillment_shipping_provider taxonomy. This is the structured “Delivered” event hook that lets a store send conversion callbacks back to Google Ads, Meta or TikTok at delivery time instead of order time.
None of these reach a store frozen on WordPress 6.9. Not now, not later. WooCommerce 10.7 assumes WordPress 7.0-compatible admin behaviour, and WooCommerce 10.8 — beta-1 dropped May 5, 2026 — builds on top of it.
This is the part most coverage missed: the WordPress 7.0 release isn’t just a feature release. It’s a release-train coupling event. The two codebases are now moving as one.
You may be interested in: WordPress 7.0 Ships May 20 With a Native AI Connectors API and an Abilities API — the upside of 7.0, for stores that can upgrade.
What is the WordPress 7.0 PHP Minimum?
Definition: PHP 7.4 is the lowest PHP version that will accept the WordPress 7.0 upgrade. Sites running PHP 7.2 or PHP 7.3 will be blocked from updating to 7.0 and will continue receiving security updates only on the 6.9 branch.
Key consequence: The auto-update path goes dark for these sites. They keep working — they stop keeping pace.
How it differs from earlier bumps: Previous WordPress minimum-PHP bumps did not coincide with a WooCommerce release-train coupling. This one does. The cost of being frozen compounds month over month instead of resetting at the next minor version.
Why the Timing Is Particularly Bad
If WordPress 7.0 were landing into a quiet quarter, this would be a manageable inconvenience. It is not landing into a quiet quarter.
Three regulatory and platform shifts are tightening in the same window:
- EU AI Act watermarking obligations on AI-generated content take force in December. Stores that use AI to generate product descriptions, blog content or ad copy will need to mark that content. The WooCommerce + WordPress release train is where those obligations will be addressed in core.
- DUAA exceptions narrowed in February — the UK’s data protection update tightened the legitimate-interest carve-outs that many SMB stores relied on for tracking. Compliance fixes will ship through plugin and core updates.
- Safari ITP keeps advancing. First-party cookie lifetimes have been clamped to 7 days for years, and Apple keeps tightening the rules around what counts as first-party. Every browser-side tracking workaround needs maintenance — and that maintenance lives in the release train you just got locked out of.
The gap between a WordPress 7.0-current store and a 6.9-frozen store is going to widen every month for the rest of 2026. Not because the frozen store is degrading — because the world is moving.
WooCommerce 10.7 also quietly added analytics filters that BI connectors couldn’t see before. See WooCommerce 10.7 Quietly Added Country, State and Guest-vs-Registered Filters to the Customers Analytics API on April 14 for a concrete example of what frozen stores miss in a single release.
How to Check Your PHP Version in Under a Minute
Run this check today. It takes about 45 seconds.
- Log into wp-admin.
- Go to Tools → Site Health.
- Click the Info tab.
- Expand the Server section.
- Look for the PHP version line.
If it reads 7.4 or higher: you will receive WordPress 7.0 on May 20, assuming auto-updates are enabled.
If it reads 8.3 or higher: you are on the recommended version, which is where the performance and security headroom is.
If it reads 7.2 or 7.3: you are about to be frozen. Open your hosting control panel — cPanel, Plesk, or your host’s dashboard — and look for “PHP version” or “MultiPHP Manager”. Most hosts let you switch with a single dropdown. Some hosts gate the switch behind a compatibility check.
The Legacy Plugin Problem Nobody Talks About
“Just upgrade your PHP” is the answer everyone gives. It is also the answer that ignores the reason a store is on PHP 7.2 in the first place.
Most stuck stores are stuck for one of three reasons. A legacy theme that was built before PHP 8.x existed and silently breaks on the upgrade. A custom plugin written by a long-departed developer with no maintainer. A payment or shipping integration whose vendor has not certified the higher PHP version and will not warranty checkout behaviour above it.
None of these are unreasonable reasons. All of them are real.
The honest answer is that some store owners will need to plan a multi-week migration — theme audit, plugin compatibility check, staging-environment rebuild — before the PHP switch is safe. Some will need to replace a theme or a plugin entirely. Some will need to budget for a developer.
And in the meantime, the WooCommerce + WordPress release train keeps moving.
What You Can Do Server-Side While You Plan the Upgrade
If your store cannot upgrade by May 20, you have two parallel problems: the long-term migration, and the short-term tracking gap. The migration is yours to plan. The tracking gap is something you can compensate for outside the WordPress release train entirely.
Transmute Engine™ is a dedicated Node.js server that runs first-party on your subdomain (e.g., data.yourstore.com). The inPIPE WordPress plugin captures WooCommerce events and sends them via API to your Transmute Engine server, which formats and routes them simultaneously to GA4, Facebook CAPI, Google Ads, BigQuery, Klaviyo and more.
The point: your tracking, pixel-deduplication and conversion routing live on a server you control, not on the WordPress admin that just got version-locked. A store frozen on 6.9 still loses access to WooCommerce-native security and analytics improvements, but the destination-side data pipeline keeps shipping fixes independently of the release train you fell off.
Key Takeaways
- WordPress 7.0 ships May 20, 2026 with a PHP 7.4 minimum and PHP 8.3 recommended.
- PHP 7.2 and 7.3 sites stay on the 6.9 branch indefinitely — not a soft warning, a hard version gate.
- WooCommerce is now coupled to the WordPress release train. 10.6.2 prepared for 7.0, 10.7 assumes it, 10.8 builds on it.
- Frozen stores miss every tracking, pixel-security and compliance fix from 10.7 onward — XSS hardening, CSRF validation, the typed Fulfillments API and everything that follows.
- The compounding cost is the real story. The gap between a 7.0-current store and a 6.9-frozen store widens every month through Q4 2026.
- Check Site Health → Info → Server today to find out which side of the line your store is on.
Frequently Asked Questions
Every WooCommerce update from 10.7 onward, because WooCommerce now co-evolves with the WordPress 7.0 admin. Specifically: XSS hardening on the v4 REST API order notes endpoint, CSRF validation on product and term ordering AJAX, the typed Fulfillments API providing get_tracking_number() and set_shipping_provider() hooks for ad-platform delivery callbacks, currency parameters forwarded to background export jobs, and every future tracking, pixel and compliance fix shipped through the WooCommerce release train.
Technically yes — WordPress 6.9 will continue to receive security updates on its own branch — but you will not receive WordPress 7.0 or any of its successors, and you will diverge from the WooCommerce mainline at the same time. The store will keep working. It will stop keeping pace with browser tracking changes, ad-platform pixel updates and compliance requirements.
WooCommerce will continue to install on WordPress 6.9 in the short term, but the release train is now timed to WordPress majors. WooCommerce 10.6.2 explicitly shipped admin styles in preparation for WordPress 7.0, and 10.7 and 10.8 assume 7.0-class admin behaviour. Expect a hard compatibility break within 12 to 18 months.
Go to wp-admin → Tools → Site Health → Info, then expand the Server section. The PHP version is listed there. If it shows 7.2 or 7.3, you will be blocked from the 7.0 upgrade. PHP 7.4 is the minimum; 8.3 is the recommended version.
Many SMB WooCommerce stores run legacy themes or plugins that break on PHP 8.x — sometimes silently, sometimes with fatal errors at checkout. Hosts often gate PHP upgrades behind compatibility checks the store owner has to run manually. The reality is that an unknown number of stores cannot upgrade without rebuilding parts of their site, and those stores are about to be left on the 6.9 branch.
Run the Site Health PHP check today. If you are on 7.2 or 7.3, decide now whether to plan the host upgrade or move tracking to a first-party server pipeline that ships independently of the release train you cannot follow — seresa.io.
