[wp-meta] [Making WordPress.org] #4691: Break Password Hash when user is blocked

Making WordPress.org noreply at wordpress.org
Thu Aug 29 17:26:28 UTC 2019


#4691: Break Password Hash when user is blocked
----------------------------+---------------------
 Reporter:  Ipstenu         |       Owner:  (none)
     Type:  enhancement     |      Status:  new
 Priority:  normal          |   Milestone:
Component:  Support Forums  |  Resolution:
 Keywords:                  |
----------------------------+---------------------

Comment (by johnjamesjacoby):

 > My understanding of it was to block accesss for all the sites connected
 via SSO

 It is.

 > The role I mentioned could prevent access by removing all the user's
 capabilities, clearing all sessions, and checking for that role upon login

 It is not that simple. All of those things are possible (and will likely
 happen) but the role is mostly irrelevant.

 WordPress Roles are per-site. There is no such thing as an "installation
 wide" user role. There is no code to check if a user is blocked on any of
 dozens of sites that currently exist.

 (For example, if I block a user from bbPress.org, they are not
 automatically blocked on WordPress.org.)

 Code needs to written to prevent access globally, across everything, no
 matter what WordPress Site they are misbehaving on, and a single Role on a
 single Site cannot do that by itself.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/4691#comment:11>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list