[wp-trac] [WordPress Trac] #46661: Add a control to hide "New Default Role" from WP ADMIN via WP Config

WordPress Trac noreply at wordpress.org
Tue Mar 26 18:14:35 UTC 2019


#46661: Add a control to hide "New Default Role" from WP ADMIN via WP Config
-------------------------+-----------------------------
 Reporter:  gsh1923      |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:
 Severity:  major        |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 Hi there

 Recently there was a vulnerability detected in a plugin that we use.

 What I found pretty nuts is that once the user had been created as an
 admin it was possible for them to easily change the “default new user
 role” setting by going over to General and changing the drop-down box.

 I wondered therefore two things:

 a) Is there a way that in wp-config some kind of special magic code would
 mean that that particular part of the WP would be hidden if set, thus
 meaning that the "Default New User Role" could only be changed with access
 to FTP?

 b) If not, some kind of internal security ping that gets sent out to the
 site ADMIN in cases where the "Default New User Role" value is changed.

 It was suggested that I write this here having posted to here:
 https://wordpress.org/support/topic/new-default-role-wp-config-add-a-control/#post-11358317

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46661>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
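
Both ideas in the ticket can be approximated today with existing option hooks. The must-use plugin below is an added example, not part of the ticket and not WordPress core code; the constant `LOCKED_DEFAULT_ROLE` and the function `example_default_role_alert()` are hypothetical names chosen for illustration.

```php
<?php
/**
 * Plugin Name: Lock default role (added example)
 * Place in wp-content/mu-plugins/. For option (a), wp-config.php is assumed to contain:
 *   define( 'LOCKED_DEFAULT_ROLE', 'subscriber' ); // hypothetical constant, not a core one
 */

// Mail the site admin. Assumption: the admin_email option is still trustworthy;
// an administrator account can change that option as well.
function example_default_role_alert( $old, $new ) {
    $user = wp_get_current_user();
    wp_mail(
        get_option( 'admin_email' ),
        'default_role change submitted on ' . home_url(),
        sprintf( 'User "%s" submitted default_role "%s" (was "%s").', $user->user_login, $new, $old )
    );
}

if ( defined( 'LOCKED_DEFAULT_ROLE' ) ) {
    // (a) Reads: get_option( 'default_role' ) always returns the pinned value,
    // whatever is stored in the database, so new registrations get that role.
    add_filter( 'pre_option_default_role', function () {
        return LOCKED_DEFAULT_ROLE;
    } );

    // (a) Writes: returning the old value makes update_option() a no-op, so the
    // Settings > General drop-down (or any other caller) cannot change the role.
    add_filter( 'pre_update_option_default_role', function ( $new, $old ) {
        if ( $new !== LOCKED_DEFAULT_ROLE ) {
            example_default_role_alert( $old, $new ); // attempted change, blocked
        }
        return $old;
    }, 10, 2 );
} else {
    // (b) No lock configured: allow the change, but notify after it is saved.
    add_action( 'update_option_default_role', 'example_default_role_alert', 10, 2 );
}
```

The drop-down stays visible on the General settings screen; the lock is enforced server-side, so removing the constant requires file access to wp-config.php.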

