[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged

WordPress Trac noreply at wordpress.org
Fri Mar 8 10:25:28 UTC 2024


#43936: Settings: Warn when open registration and new user default is privileged
---------------------------------------+-----------------------------
 Reporter:  kraftbj                    |       Owner:  audrasjb
     Type:  feature request            |      Status:  accepted
 Priority:  normal                     |   Milestone:  6.6
Component:  Security                   |     Version:
 Severity:  normal                     |  Resolution:
 Keywords:  has-patch needs-user-docs  |     Focuses:  administration
---------------------------------------+-----------------------------
Changes (by zodiac1978):

 * keywords:  has-patch => has-patch needs-user-docs


Comment:

 Replying to [comment:45 swissspidy]:
 > This ticket is about adding Site Health warnings if user registration is
 enabled and defaults to an admin role, which is a security risk.

 I hope this ticket is a bit more than just the site health warning. ;)
 Looking at the patch, it does also exclude, via a filter, the administrator
 and editor roles from the dropdown.

 This is better than nothing, but I am wondering why some things are not
 considered:

 From @dd32
 > Preventing a user selecting a dangerous combination is needed, but it
 also needs to validate that the values in the database are safe to rely
 upon IMHO

 From @ottok
 > I think that both this and #46744 would best be solved by completely
 preventing the default_role from having the values for 'administrator' and
 'editor'. If the database has either of these values, it should just be
 ignored.

 > Also this should be changed: https://wordpress.org/support/article
 /settings-general-screen/#new-user-default-role (added workflow
 needs-user-docs for it!)

 From @jrf
 > 2. The update_option() call to update the value for default_role
 (saving).

 > If registration is open, don't allow administrator as the default role
 *ever*. The editor role should be allowed, but only when explicitly
 removed from "excluded roles" via the filter, not as a role available by
 default.
 > If registration is open and the output of the filter would have removed
 administrator from the "excluded roles", add back administrator and throw
 a _doing_it_wrong(). This will allow sysadmins to pick up on this being
 attempted in their error logs.
 > If the default_role is set to one of the "excluded roles", use
 subscriber instead. This will also prevent an existing default role of
 administrator coming from the database from being used.

 Additionally, I think #60258 was closed too early, as it has an
 interesting approach: having a constant like DISALLOW_FILE_MODS or
 DISALLOW_FILE_EDIT to disable these two things ("Anyone can register" and
 the corresponding role select). For most of my installations (besides some
 membership sites) I would just use this constant in my wp-config.php and
 the whole feature would be grayed out and disabled.

 I would love to see these last items discussed and maybe considered for
 this patch in 6.6.
 Thanks!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:46>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
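
The comment above collects three hardening ideas for the default_role option: validate on save, ignore an unsafe value already stored in the database (falling back to subscriber), refuse to let a filter un-exclude administrator while registration is open (logging it with _doing_it_wrong()), and a wp-config.php constant that pins the whole feature. The following must-use plugin is an added example that puts those ideas into working WordPress code; it is not the ticket's patch and not core code. The filter name `example_excluded_default_roles` and the constant `DISALLOW_USER_REGISTRATION` are hypothetical names chosen for the example; the hooks it attaches to (`sanitize_option_default_role`, `option_default_role`, `pre_option_users_can_register`, `pre_option_default_role`) are the generic `sanitize_option_{$option}`, `option_{$option}` and `pre_option_{$option}` filters that core already applies in sanitize_option() and get_option().

```php
<?php
/**
 * Added example (not the ticket's patch or core code): drop into
 * wp-content/mu-plugins/ to harden the default_role / users_can_register pair.
 *
 * Hypothetical names used here: the 'example_excluded_default_roles' filter
 * and the DISALLOW_USER_REGISTRATION constant.
 */

/**
 * Roles that must never be handed to a self-registered user.
 *
 * Plugins may extend or shrink the list via the (hypothetical) filter, but
 * administrator is put back whenever registration is open, and the attempt
 * is reported through _doing_it_wrong() so it shows up in the error log.
 */
function example_excluded_default_roles() {
	$excluded = apply_filters( 'example_excluded_default_roles', array( 'administrator', 'editor' ) );

	if ( get_option( 'users_can_register' ) && ! in_array( 'administrator', $excluded, true ) ) {
		_doing_it_wrong(
			__FUNCTION__,
			'The administrator role cannot be removed from the excluded default roles while user registration is open.',
			'n/a'
		);
		$excluded[] = 'administrator';
	}

	return array_values( array_unique( $excluded ) );
}

/**
 * Reduce a candidate default_role to a safe value: it must be a role that
 * exists on this site and must not be one of the excluded roles. Anything
 * else becomes subscriber.
 */
function example_sanitize_default_role( $value ) {
	$roles = wp_roles()->get_names(); // role slug => display name

	if ( ! is_string( $value ) || ! isset( $roles[ $value ] ) || in_array( $value, example_excluded_default_roles(), true ) ) {
		return 'subscriber';
	}

	return $value;
}

// On save: runs whenever Settings > General is submitted or update_option( 'default_role', ... ) is called.
add_filter( 'sanitize_option_default_role', 'example_sanitize_default_role' );

// On read: an unsafe value that is already sitting in wp_options is ignored, not trusted.
add_filter( 'option_default_role', 'example_sanitize_default_role' );

// Kill switch modelled on DISALLOW_FILE_MODS: define( 'DISALLOW_USER_REGISTRATION', true )
// in wp-config.php pins both settings regardless of what the database says.
if ( defined( 'DISALLOW_USER_REGISTRATION' ) && DISALLOW_USER_REGISTRATION ) {
	add_filter( 'pre_option_users_can_register', '__return_zero' );
	add_filter(
		'pre_option_default_role',
		function () {
			return 'subscriber';
		}
	);
}
```

Filtering on read as well as on save is what covers @dd32's point: a site that already stores `default_role = administrator` gets `subscriber` back from get_option() without anyone having to re-save the settings page, and the dropdown on Settings > General (which selects the current get_option() value) shows the corrected choice. The `pre_option_*` filters short-circuit get_option() entirely, so with the constant defined the stored values are never consulted; note that the example does not gray out the form fields themselves, only the values they read and write.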