[wp-trac] [WordPress Trac] #60789: Administration Email Address: Allow method to deactivate
WordPress Trac
noreply at wordpress.org
Wed Mar 20 03:06:58 UTC 2024
#60789: Administration Email Address: Allow method to deactivate
-------------------------------+------------------------------
Reporter: andrewhoyer | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion close | Focuses:
-------------------------------+------------------------------
Comment (by andrewhoyer):
Replying to [comment:5 audrasjb]:
Hi JB,
Thank you for making the initial reply to this ticket. I believe this is
an important one to a lot of developers based on early feedback both on 𝕏
and here in the ticket.
I can tell this is going to be a bit of a hot topic, not just because so
many people want a solution, but because the solution has so many
possibilities and concerns. This needs to be discussed with the community
and especially with people who know a lot about core development,
security, and various ethical / legal considerations.
I've waited a few days to allow devs to get their initial feedback in
before replying, and I will address a number of points below. For each
point, I will include one or more snippets of text from any of the
previous replies.
> this probably more looks like a bug in the processes
There is more to this than saying it's a process problem, or as others
have suggested, a "people problem". As developers, we cannot always
control what clients do. Or for that matter, the owner of a business. They
might sell their company, transfer the website, and the new owners do not
update the admin email address. Regardless of the situation, the core
problem is that the admin email address links someone to a site without
them having any control over it.
> The main administrator account should be set to the owner of the
> website, not to the person who installed the website.
Owners are often not involved in their website. They might not even have a
login, let alone know what to do with admin notifications, or want to
receive them. Regardless, owners and developers are allowed to choose
their own path with the use of this field, and still not need to deal with
having their email address locked into a site for years.
> @webdados I don't think we should allow anyone from the outside to change a
> WordPress option on a website they no longer control, even if it's their
> email address.
Let's keep in mind that when someone subscribes to a newsletter, or makes
a purchase, or - think of it - unsubscribes, that they are changing
something in the database. And they don't even have to be logged in!
I will turn this suggestion back on itself and ask: Should a website be
allowed to send email to an address that no longer wants it? The answer
should be a distinct no, and indeed there are legal considerations here in
some regions. There are cases here where developers have received admin
notifications for 10 years (@askwpgirl) with no way to unsubscribe or stop
the emails.
> @cold-iron-chef it would be nice to opt out without setting up email
> filters on the client side.
This reply is correct. Others have suggested that email filters are the
answer. They are not. What if I change email clients or providers? Must I
reset 10 years' worth of filters because someone out there can't take 30
seconds to change an email address and WordPress doesn't allow me to
change it?
Finally:
I am going to point to the above comment [comment:9 askwpgirl] which has some
good balanced points.
The paths forward that I think are the most promising:
1. A magic link in all admin emails that allows the recipient to
unsubscribe. Whether this removes the email (potentially problematic) or
sets an opt-out flag, it doesn't matter. All that needs to happen is that
WordPress is made aware that no further emails are to be sent to that
email address. At the same time, an email could be sent to all admin-level
users that a new admin email address must be set. We already have that
periodic check in place. It could then show a more urgent notice to
encourage admins to reset that value.
2. Instead of an open text field, the "Administration Email Address" is a
drop-down list of admin users. This requires many more considerations such
as not being able to delete a user that is selected there. Or, what if
there is only one admin user? There's some definite potential here, but it
needs thought.
3. Hide the "Administration Email Address" altogether, and send
notifications to all admin-level users. Perhaps make it a checkbox option
in the User settings to receive or not receive the emails. This makes it
super simple, and ensures that as soon as a user is removed from the
website, no emails reach them. Thinking about it a bit more, I actually
like this option the best, even though it's not the simplest.
I welcome more feedback on this by you, or any others in the community who
want to note their experience and what solution might be best.
Thank you!
Andrew
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60789#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
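
One way the "magic link" opt-out in option 1 could be built so that an unauthenticated request can set only an opt-out flag, and only for the address the link was mailed to. This is an added example, not code from the ticket or from WordPress core; the function names, query parameters, `$store` array and key are hypothetical.

```php
<?php
// Added example. In WordPress the key could come from wp_salt() (assumption).

function optout_sign(string $key, string $site, string $email, int $expires): string {
    // Bind the signature to the site, the normalized address and the expiry.
    $msg = implode("\n", [$site, strtolower(trim($email)), (string) $expires]);
    return hash_hmac('sha256', $msg, $key);
}

function optout_link(string $key, string $site, string $email, int $ttl = 2592000): string {
    $expires = time() + $ttl;
    return $site . '/?' . http_build_query([
        'e'   => strtolower(trim($email)),
        'x'   => $expires,
        'sig' => optout_sign($key, $site, $email, $expires),
    ]);
}

function optout_handle(string $key, string $site, array $query, array &$store): bool {
    foreach (['e', 'x', 'sig'] as $name) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return false; // missing or array-valued parameter
        }
    }
    $email   = strtolower(trim($query['e']));
    $expires = (int) $query['x'];
    if ($expires < time()) {
        return false; // link expired
    }
    // Constant-time comparison of the expected and supplied signatures.
    if (!hash_equals(optout_sign($key, $site, $email, $expires), $query['sig'])) {
        return false;
    }
    if ($email !== strtolower($store['admin_email'])) {
        return false; // address is no longer the configured one
    }
    $store['admin_email_optout'] = true; // flag only; admin_email is untouched
    return true;
}

// Constructed sample data.
$key   = 'constructed-demo-key';
$site  = 'https://example.test';
$store = ['admin_email' => 'former-dev@example.test', 'admin_email_optout' => false];

parse_str((string) parse_url(optout_link($key, $site, $store['admin_email']), PHP_URL_QUERY), $q);
$forged = ['e' => 'someone-else@example.test'] + $q; // address swapped, signature reused
var_dump(optout_handle($key, $site, $forged, $store));
var_dump(optout_handle($key, $site, $q, $store), $store['admin_email_optout']);
```

Mail security scanners commonly fetch links in messages, so a real handler would show a confirmation page on GET and set the flag only on the subsequent POST.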