[wp-trac] [WordPress Trac] #60789: Administration Email Address: Allow method to deactivate
WordPress Trac
noreply at wordpress.org
Sun Mar 17 20:26:00 UTC 2024
#60789: Administration Email Address: Allow method to deactivate
-------------------------------+------------------------------
Reporter: andrewhoyer | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion close | Focuses:
-------------------------------+------------------------------
Comment (by ddoll71):
I totally agree about it that non admin users shouldn't be able to change
databases.
Replying to [comment:3 webdados]:
> I don't think we should allow anyone from the outside to change a
WordPress option on a website they no longer control, even if it's their
email address.
>
> That's not for WordPress to solve. Is for people to solve.
> The previous dev should make sure he removes his email before abandoning
the project.
> If he doesn't have the chance to, WP is literally asking admins every x
months (not sure) if the admin email is correct.
> If the site owner ignores that question, it's something the previous dev
should solve at his end by blocking those emails.
>
> This is not like a "recover password" link. If you could still recover
your password it means that the site owner has not deleted your user and
then you could fix it yourself. If you cannot access the website with a
proper admin user, you should not be able to trigger any change on the
WordPress option.
>
> Don't get me wrong, I do get a lot of those emails, and I appreciate the
reasoning behind this ticket, but I don't think we should open this
Pandora box of allowing a non-admin user to change the WordPress database.
>
> Email filters are your friend :-)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60789#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list