[wp-trac] [WordPress Trac] #46349: Is your this admin email still correct

WordPress Trac noreply at wordpress.org
Tue Feb 26 12:15:29 UTC 2019


#46349: Is your this admin email still correct
-----------------------------+------------------------------------------------
 Reporter:  andraganescu     |      Owner:  (none)
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Administration   |    Version:  5.1
 Severity:  normal           |   Keywords:  2nd-opinion needs-design ux-feedback
  Focuses:                   |
-----------------------------+------------------------------------------------
 Use a reminder type of notification that checks with the users that some
 of their details in settings are still up to date.

 == Rationale:

 In the recent discussions on #core-php about the WSOD recovery and the
 recovery email that should be sent, to announce that the site experienced
 a fatal error and that they might be locked out of their website's admin,
 some participants persistently raised the issue of the admin email being
 either one of:

 - outdated
 - set to a catch-all email address which is never checked
 - set automatically by the host in the process of one-click-installs

 Since the admin email is by all means the correct value to use when the
 system decides to send that email, we need to make sure we do our best to
 keep it accurate and not a useless setting nobody cares for.

 For now the whole discussion should be about the admin email setting; I
 was unable to find another candidate, so I am unsure if this would require
 an extensibility API of some kind. However, perhaps some plugins like the
 ones for 2FA could use it.

 == Solution

 We could have a small notification that is triggered by either one of:

 - a certain amount of time since the last login
 - a certain amount of time since the last notification was displayed

 This notification explains that some settings are important and need to be
 revised in order to ensure the security and well functioning of their
 site. Then it asks about the setting and if it is correct.

 == Similar approaches

 Many current online apps use this style of notification to prompt the user
 into checking their email, phone number, secondary addresses, even credit
 card details. This helps prevent many unwanted issues. Of course now I was
 unable to find the exact screens I am talking about, but I am sure others
 have seen them :D

 == How it works

 This can be either one or all of:
 - a top bar that leads to a screen where these options can be updated,
 least invasive
 - a section in the dashboard that does not disappear until it is confirmed
 or updated, medium invasive
 - a screen right after login that cannot be bypassed until it is confirmed
 or updated, hardcore! This screen only shows up if the logging in user has
 the required cap to edit the settings.

 We could store the confirmation flag and date using the option API and use
 WP Cron to check these options once in a while. For the most invasive
 implementation option, the auth flow then needs to be updated to check for
 the options.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46349>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
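
The storage-and-check flow described under "How it works", in its least invasive variant, as an added example that is not part of the ticket or of WordPress core. The option names, hook names, action name and six-month interval are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. All example_* names are hypothetical.
const EXAMPLE_CONFIRMED_AT = 'example_admin_email_confirmed_at'; // Unix time of last confirmation
const EXAMPLE_CHECK_DUE    = 'example_admin_email_check_due';    // '1' while a reminder is pending
const EXAMPLE_CRON_HOOK    = 'example_admin_email_check';

// Schedule the periodic check once.
add_action( 'init', function () {
	if ( ! wp_next_scheduled( EXAMPLE_CRON_HOOK ) ) {
		wp_schedule_event( time(), 'daily', EXAMPLE_CRON_HOOK );
	}
} );

// WP Cron callback: flag the setting as due when the last confirmation is too old
// (assumed interval: six months; a site that never confirmed is due immediately).
add_action( EXAMPLE_CRON_HOOK, function () {
	$confirmed_at = (int) get_option( EXAMPLE_CONFIRMED_AT, 0 );
	if ( time() - $confirmed_at > 6 * MONTH_IN_SECONDS ) {
		update_option( EXAMPLE_CHECK_DUE, '1' );
	}
} );

// Dashboard notice, shown only to users who have the cap to edit the settings.
add_action( 'admin_notices', function () {
	if ( '1' !== get_option( EXAMPLE_CHECK_DUE ) || ! current_user_can( 'manage_options' ) ) {
		return;
	}
	$action      = 'example_confirm_admin_email';
	$confirm_url = wp_nonce_url( admin_url( 'admin-post.php?action=' . $action ), $action );
	printf(
		'<div class="notice notice-warning"><p>%s <a href="%s">Yes</a> | <a href="%s">Update it</a></p></div>',
		esc_html( sprintf( 'Is the admin email %s still correct?', get_option( 'admin_email' ) ) ),
		esc_url( $confirm_url ),
		esc_url( admin_url( 'options-general.php' ) )
	);
} );

// Confirmation handler: check capability and nonce before changing stored state,
// so a forged link cannot silence the reminder.
add_action( 'admin_post_example_confirm_admin_email', function () {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}
	check_admin_referer( 'example_confirm_admin_email' );
	update_option( EXAMPLE_CONFIRMED_AT, time() );
	delete_option( EXAMPLE_CHECK_DUE );
	wp_safe_redirect( admin_url() );
	exit;
} );
```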

