zlacker

But you don't really need to care about upstream security support. Linux distros offer long-term support for specific versions they decided to freeze on, and there are well-known third-party repositories (sury, remi, cloudlinux) that offer even older versions with backported security fixes.

GP's problem seems to be that they have to support WordPress plugins and themes that they either can't or don't want to patch by themselves. This is a different situation from people who build & maintain in-house apps. In that case, always using the previous Ubuntu LTS is a perfectly viable solution. Stay 2-3 years behind the edge, giving enough time for the plugins and themes to get updated, while still receiving security patches and comfortably within the recommended range for WordPress Core.