[wp-trac] [WordPress Trac] #56372: unexpected behavior user.php wp_update_user() detects change in password when there is no change

WordPress Trac noreply at wordpress.org
Mon Aug 15 23:29:43 UTC 2022 

#56372: unexpected behavior user.php wp_update_user() detects change in password
when there is no change
-------------------------------+----------------------
 Reporter:  HamishAhern        |       Owner:  (none)
     Type:  defect (bug)       |      Status:  closed
 Priority:  normal             |   Milestone:
Component:  Users              |     Version:  6.0
 Severity:  normal             |  Resolution:  invalid
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+----------------------
Changes (by johnbillion):

 * keywords:   => reporter-feedback
 * status:  reopened => closed
 * resolution:   => invalid


Comment:

 @HamishAhern Nobody is buttering up or smoothing over the issue that you
 reported. As Sergey pointed out, you're conflating two things:

 1. The email notification sent to users when their password is changed
 2. An erroneous triggering of this notification when their password has
 not been changed

 The second issue is the subject of your report. Have you confirmed that
 this issue occurs with no plugins active and one of the default themes in
 use? If not, that should be your first port of call. It could well be that
 one of the plugins or themes on your site is erroneously triggering this
 password change. It happens.

 > in fact you might as well take the email notification out of the base
 wordpress, its not a very useful notification to users anyway

 You might have noticed that almost every mature web service that you use
 will send you an email notification when your password is changed. It's an
 aspect of user account security that helps prevent account compromises by
 alerting a user to activity that may be unexpected.

 I'm going to close this ticket again but the conversation can carry on
 even while it's closed. If you could confirm to us whether or not this
 unexpected notification is triggered when no plugins are in use, when a
 default theme is in use, and when a user does not actually change their
 password, that would be very helpful. Thanks.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/56372#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list