[wp-hackers] wordpress security

[Stephen Rider]

On Oct 19, 2009, at 12:11 PM, mrmist wrote:

> But then as an admin of multiple sites, you do not fit the supposed  
> core target for such a feature, that being the average Jo user.

It seems it's useful for more than just "Joe User" then.

> A feature such as email inform might be useful, but it'd have to be  
> pretty customisable

I don't see why.  Mail to the admin email address.  For Joe User the  
emails are probably going to User #1.  If it **needs** to be  
customizable for certain cases, advanced users can use plugins.

> - e.g. the to address not necessarily being the "admin" user - and  
> warn users that the feature is dependant on server email config  
> being correct.

Can the system check for this and simply put in a caution on the  
Settings page if needed (e.g. "Your server is not configured to send  
mail")?  I'm really asking, as I'm not too knowledgeable of PHP  
emailing routines.

> I also believe that the points made by others already in this  
> thread, such as the aspect of creating reliance on such an email,  
> are pretty valid and I could see it creating more support load in  
> the forums than it solves.

Not unless you believe there are a large number of "average" users who  
regularly log on to their site *just* to check if updates are  
available, but would stop if they thought the emails were coming  
anyway.  Not likely.

Those for whom this email would be useful are the ones who don't log  
on regularly.  So at *worst*, some of them get the emails (which is  
good), and some don't (which is no worse than right now).

Stephen