Keep the requirements at PHP 5.6 and WP 4.6 until we have a practical reason

composer.json

@@ -21,7 +21,7 @@
   "minimum-stability": "dev",
   "prefer-stable" : true,
   "require": {
-    "php": ">=7.2.24|^8"
+    "php": ">=5.6"
   },
   "require-dev": {
     "automattic/vipwpcs": "^3.0",
@@ -37,7 +37,7 @@
   },
   "scripts": {
     "lint": "phpcs",
-    "lint-compat": "phpcs -p --standard=PHPCompatibilityWP --runtime-set testVersion 7.2- --extensions=php --ignore='tests/,dist/,includes/Yubico/,vendor/,node_modules/' .",
+    "lint-compat": "phpcs -p --standard=PHPCompatibilityWP --runtime-set testVersion 5.6- --extensions=php --ignore='tests/,dist/,includes/Yubico/,vendor/,node_modules/' .",
     "lint-phpstan": "phpstan analyse --verbose --memory-limit=1G",
     "test": "vendor/bin/phpunit",
     "test:watch": [

readme.txt

@@ -29,6 +29,10 @@ Here is a list of action and filter hooks provided by the plugin:
 - `two_factor_user_authenticated` action which receives the logged in `WP_User` object as the first argument for determining the logged in user right after the authentication workflow.
 - `two_factor_token_ttl` filter overrides the time interval in seconds that an email token is considered after generation. Accepts the time in seconds as the first argument and the ID of the `WP_User` object being authenticated.
 
+= PHP and WordPress Version Support =
+
+Starting from version 1.0.0 of this plugin, it will maintain compatibility with WordPress core versions that are up to one year old, as well as <a href="https://make.wordpress.org/core/handbook/references/php-compatibility-and-wordpress-versions/">the minimum PHP version supported by those WordPress versions</a>.
+
 == Frequently Asked Questions ==
 
 = How can I send feedback or get help with a bug? =
@@ -47,6 +51,13 @@ To report a security issue, please visit the [WordPress HackerOne](https://hacke
 2. U2F Security Keys section under User Profile.
 3. Email Code Authentication during WordPress Login.
 
+== Upgrade Notice ==
+
+<!-- Keep this in sync with the next version up until 1.0.0. -->
+= 0.10.0 =
+
+From version 1.0.0, this plugin will support WordPress versions up to one year old and the minimum PHP version they require.
+
 == Changelog ==
 
 See the [release history](https://github.com/wordpress/two-factor/releases).

two-factor.php

@@ -12,8 +12,8 @@
  * Plugin URI:        https://wordpress.org/plugins/two-factor/
  * Description:       Enable Two-Factor Authentication using time-based one-time passwords, Universal 2nd Factor (FIDO U2F, YubiKey), email, and backup verification codes.
  * Version:           0.9.1
- * Requires at least: 6.3
- * Requires PHP:      7.2
+ * Requires at least: 4.6
+ * Requires PHP:      5.6
  * Author:            WordPress.org Contributors
  * Author URI:        https://github.com/wordpress/two-factor/graphs/contributors
  * License:           GPL-2.0-or-later