[wp-meta] [Making WordPress.org] #4691: Break Password Hash when user is blocked

Making WordPress.org noreply at wordpress.org
Thu Aug 29 16:54:25 UTC 2019

#4691: Break Password Hash when user is blocked
 Reporter:  Ipstenu         |       Owner:  (none)
     Type:  enhancement     |      Status:  new
 Priority:  normal          |   Milestone:
Component:  Support Forums  |  Resolution:
 Keywords:                  |

Comment (by johnjamesjacoby):

 > mucking with the user data will cause an email to be sent

 It will only trigger an email if the ''WordPress Core'' functions are

 New functions can be written (like @Ipstenu linked to above in old
 bbPress) that can alter user data without sending emails or notifications,
 and without creating a new "Blocked" role like you recommended be done

 (A new role by itself does not effectively prevent an account from being
 accessed. The user of the account can still perform a password reset, log
 into it, and easily recover the account - they'll just have whatever
 capabilities the Role does or does not provide.)

 The goal in this issue (paraphrasing) is to invent a way to lock an
 account permanently. A new role on a single site is not enough here.
 WordPress.org is comprised of many sites, many multisite networks, and
 several non WordPress platforms.

Ticket URL: <https://meta.trac.wordpress.org/ticket/4691#comment:9>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list