[wp-trac] [WordPress Trac] #60789: Administration Email Address: Allow method to deactivate

WordPress Trac noreply at wordpress.org
Wed Mar 20 03:06:58 UTC 2024


#60789: Administration Email Address: Allow method to deactivate
-------------------------------+------------------------------
 Reporter:  andrewhoyer        |       Owner:  (none)
     Type:  feature request    |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Administration     |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  2nd-opinion close  |     Focuses:
-------------------------------+------------------------------

Comment (by andrewhoyer):

 Replying to [comment:5 audrasjb]:

 Hi JB,

 Thank you for making the initial reply to this ticket. I believe this is
 an important one to a lot of developers based on early feedback both on 𝕏
 and here in the ticket.

 I can tell this is going to be a bit of a hot topic, not just because so
 many people want a solution, but because the solution has so many
 possibilities and concerns. This needs to be discussed with the community
 and especially with people who know a lot about core development,
 security, and various ethical / legal considerations.

 I've waited a few days to allow devs to get their initial feedback in
 before replying, and I will address a number of points below. For each
 point, I will include one or more snippets of text from any of the
 previous replies.

 > this probably more looks like a bug in the processes

 There is more to this than saying it's a process problem, or as others
 have suggested, a "people problem". As developers, we cannot always
 control what clients do. Or for that matter, the owner of a business. They
 might sell their company, transfer the website, and the new owners do not
 update the admin email address. Regardless of the situation, the core
 problem is that the admin email address links someone to a site without
 them having any control over it.


 > The main administrator account should be set to the owner of the
 > website, not to the person who installed the website.


 Owners are often not involved in their website. They might not even have a
 login, let alone know what to do with admin notifications, or want to
 receive them. Regardless, owners and developers are allowed to choose
 their own path with the use of this field, and still not need to deal with
 having their email address locked into a site for years.


 > @webdados I don't think we should allow anyone from the outside to
 > change a WordPress option on a website they no longer control, even if
 > it's their email address.


 Let's keep in mind that when someone subscribes to a newsletter, or makes
 a purchase, or - think of it - unsubscribes, that they are changing
 something in the database. And they don't even have to be logged in!

 I will turn this suggestion back on itself and ask: Should a website be
 allowed to send email to an address that no longer wants it? The answer
 should be a distinct no, and indeed there are legal considerations here in
 some regions. There are cases here where developers have received admin
 notifications for 10 years (@askwpgirl) with no way to unsubscribe or stop
 the emails.

 > @cold-iron-chef it would be nice to opt out without setting up email
 > filters on the client side.

 This reply is correct. Others have suggested that email filters are the
 answer. They are not. What if I change email clients or providers? Must I
 reset 10 years' worth of filters because someone out there can't take 30
 seconds to change an email address and WordPress doesn't allow me to
 change it?


 Finally:

 I am going to point to the above comment [comment:9 askwpgirl], which has
 some good balanced points.


 The paths forward that I think are the most promising:

 1. A magic link in all admin emails that allows the recipient to
 unsubscribe. Whether this removes the email (potentially problematic) or
 sets an opt-out flag, it doesn't matter. All that needs to happen is that
 WordPress is made aware that no further emails are to be sent to that
 email address. At the same time, an email could be sent to all admin-level
 users that a new admin email address must be set. We already have that
 periodic check in place. It could then show a more urgent notice to
 encourage admins to reset that value.

 2. Instead of an open text field, the "Administration Email Address" is a
 drop-down list of admin users. This requires many more considerations such
 as not being able to delete a user that is selected there. Or, what if
 there is only one admin user? There's some definite potential here, but it
 needs thought.

 3. Hide the "Administration Email Address" altogether, and send
 notifications to all admin-level users. Perhaps make it a checkbox option
 in the User settings to receive or not receive the emails. This makes it
 super simple, and ensures that as soon as a user is removed from the
 website, no emails reach them. Thinking about it a bit more, I actually
 like this option the best, even though it's not the simplest.


 I welcome more feedback on this by you, or any others in the community who
 want to note their experience and what solution might be best.

 Thank you!
 Andrew

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60789#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
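
Added example, not part of the ticket or of WordPress core: one way the "magic link" in option 1 could set an opt-out flag without letting an outsider change the admin_email option itself, which is the concern quoted from @webdados. The function names, the admin_email_opted_out key and the in-memory $options array are hypothetical; $secret stands in for a per-site secret such as the value returned by wp_salt().

```php
<?php
// Added example, not WordPress core code. All function names are hypothetical.
// $options is an in-memory stand-in for the options table; $secret stands in
// for a per-site secret (in WordPress, e.g. the value returned by wp_salt()).

function optout_token(string $email, string $secret): string {
    // Bind the token to one normalized address so it is useless for any other.
    return hash_hmac('sha256', 'admin-email-optout|' . strtolower(trim($email)), $secret);
}

function optout_link(string $siteUrl, string $email, string $secret): string {
    return $siteUrl . '/?' . http_build_query([
        'action' => 'admin_email_optout',
        'token'  => optout_token($email, $secret),
    ]);
}

function handle_optout(array &$options, string $token, string $secret): bool {
    $current = $options['admin_email'] ?? '';
    // Accept only a token minted for the address configured right now,
    // compared in constant time.
    if ($current === '' || !hash_equals(optout_token($current, $secret), $token)) {
        return false;
    }
    // Record a flag for this address; admin_email is never changed from outside.
    $options['admin_email_opted_out'] = hash('sha256', strtolower(trim($current)));
    return true;
}

function should_send_admin_mail(array $options): bool {
    $current = strtolower(trim($options['admin_email'] ?? ''));
    // The flag covers only the address that opted out; a new admin email sends again.
    return $current !== ''
        && ($options['admin_email_opted_out'] ?? '') !== hash('sha256', $current);
}

// Constructed sample data.
$secret  = 'constructed-demo-secret';
$options = ['admin_email' => 'former-dev@example.com'];
$link    = optout_link('https://site.example', $options['admin_email'], $secret);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);

var_dump(handle_optout($options, 'forged-token', $secret));  // forged token
var_dump(handle_optout($options, $query['token'], $secret)); // token from the email
var_dump(should_send_admin_mail($options));                  // after the opt-out
$options['admin_email'] = 'owner@example.com';               // an admin sets a new address
var_dump(should_send_admin_mail($options));
```

Mail scanners commonly fetch links in messages automatically, so a handler like this would normally sit behind a confirmation form submitted by POST rather than acting on the GET request alone.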

