[wp-meta] [Making WordPress.org] #4691: Break Password Hash when user is blocked
Making WordPress.org
noreply at wordpress.org
Thu Aug 29 16:54:25 UTC 2019
#4691: Break Password Hash when user is blocked
----------------------------+---------------------
Reporter: Ipstenu | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Support Forums | Resolution:
Keywords: |
----------------------------+---------------------
Comment (by johnjamesjacoby):
> mucking with the user data will cause an email to be sent
It will only trigger an email if the ''WordPress Core'' functions are
used.
New functions can be written (like @Ipstenu linked to above in old
bbPress) that can alter user data without sending emails or notifications,
and without creating a new "Blocked" role like you recommended be done
above.
(A new role by itself does not effectively prevent an account from being
accessed. The user of the account can still perform a password reset, log
into it, and easily recover the account - they'll just have whatever
capabilities the Role does or does not provide.)
The goal in this issue (paraphrasing) is to invent a way to lock an
account permanently. A new role on a single site is not enough here.
WordPress.org is comprised of many sites, many multisite networks, and
several non WordPress platforms.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4691#comment:9>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list