[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Fri Mar 8 13:18:45 UTC 2024
#43936: Settings: Warn when open registration and new user default is privileged
---------------------------------------+-----------------------------
Reporter: kraftbj | Owner: audrasjb
Type: feature request | Status: accepted
Priority: normal | Milestone: 6.6
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-user-docs | Focuses: administration
---------------------------------------+-----------------------------
Comment (by benniledl):
If this setup is out there in the wild unknowingly to the admin then the
site most likely was taken over by a malicious actor a long time ago
anyway and we should not bother to alter the behavior of the sites since
this is most likely on purpose and will annoy anyone who purposefully set
their site up like this.
But to warn anyone who is not aware of this, instead of altering the
behavior for any existing sites with a dangerous setup of open
registration and default user we could send a one time email in the
upgrade script that will inform them about their configuration.
----
> Preventing a user selecting a dangerous combination is needed, but it
also needs to validate that the values in the database are safe to rely
upon IMHO
I think the site health check and a warning email from the upgrade script
will be enough for this.
\\
> I think that both this and #46744 would best be solved by completely
preventing the default_role from having the values for 'administrator' and
'editor'. If the database has either of these values, it should just be
ignored.
I don't think that ignoring the setting made by the user is good in any
way, the user should be able to control what the software does. As said, I
think most sites with this configuration are purposefully set up like this
and just ignoring their settings will annoy them and disrupt the site's
operation.
\\
> If registration is open, don't allow administrator as the default role
*ever*. The editor role should be allowed, but only when explicitly
removed from "excluded roles" via the filter, not as a role available by
default.
If a user uses filters to make the roles available in the options page
then he either knows well enough what he is doing or has at least thought
about this setup enough to know what it does and he should be allowed to
do it, users should always be able to control their site (with filters as
least, we should make it hard to set this up for beginners tho).
\\
> If registration is open and the output of the filter would have removed
administrator from the "excluded roles", add back administrator and throw
a _doing_it_wrong(). This will allow sysadmins to pick up on this being
attempted in their error logs.
This will annoy anyone who purposefully set their site up like this, the
email and the site health check will be enough.
\\
> If the default_role is set to one of the "excluded roles", use
subscriber instead. This will also prevent an existing default role of
administrator coming from the database from being used.
Again will annoy anyone who purposefully set their site up like this.
email and health check should be enough.
\\
> Having a constant like DISALLOW_FILE_MODS or DISALLOW_FILE_EDIT to
disable these two things ("Anyone can register" and the according role
select).
That's a nice thing to have
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:47>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list