[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Thu Feb 19 09:43:21 UTC 2026
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------------------+-------------------------
Reporter: kraftbj | Owner: audrasjb
Type: feature request | Status: closed
Priority: normal | Milestone: 7.0
Component: Security | Version:
Severity: normal | Resolution: fixed
Keywords: needs-user-docs early 2nd-opinion | Focuses:
needs-test-info has-patch | administration
-------------------------------------------------+-------------------------
Changes (by audrasjb):
* status: accepted => closed
* resolution: => fixed
Comment:
In [changeset:"61687" 61687]:
{{{
#!CommitTicketReference repository="" revision="61687"
Administration: Warn when open registration and new user default is
privileged.
Previously, WordPress allowed site owners to open registration AND to set
the default new user level to "Administrator" or "Editor". While this
combination may make sense for some sites, this is genrally a really
really bad idea.
With this changeset:
- Administrator and Editor roles are now removed from the new user default
role selector in the General Options admin screen.
- If such a role was selected before, an alert is shown in Site Health.
- A new filter is introduced: `default_role_dropdown_excluded_roles`
allows developers to change the default excluded roles in the dropdown.
Props kraftbj, subrataemfluence, roytanck, dd32, ottok, jrf, eatingrules,
verygoode, generosus, stevejburge, arunu1996, benniledl, audrasjb,
mukesh27, swissspidy, Mte90, zodiac1978, pooja1210, davidbaumwald,
johnbillion, jorbin, SirLouen, oglekler, kirasong, shailu25,
huzaifaalmesbah, jsmansart.
Fixes #43936.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:85>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list