[wp-trac] [WordPress Trac] #33504: Cannot create a user without emailing a reset link
WordPress Trac
noreply at wordpress.org
Thu Sep 3 19:28:46 UTC 2015
#33504: Cannot create a user without emailing a reset link
--------------------------+--------------------
Reporter: Ipstenu | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.3.1
Component: Users | Version: 4.3
Severity: major | Resolution:
Keywords: has-patch | Focuses:
--------------------------+--------------------
Comment (by Ipstenu):
> Actually it does not email a reset link. Upon changing a password WP
sends a notification that the password has been changed and does not
include a reset link, just a link to the homepage and admin email.
Ah, okay, that's not what I was talking about. I see where you went
though! Thank you for explaining.
I don't think, from a security standpoint, it's wise to **not** alert
people to password changes. But it goes back to my question of why,
exactly, you are changing passwords for users?
Shared accounts, which is my guess of what you're doing, are complicated
and security fraught at best. I would lean towards giving them all a
disposable email and using this plugin - https://wordpress.org/plugins
/allow-multiple-accounts/ - to allow multiple accounts for that email.
Then you can change all you want and only the one email is pinged. Plus
you have the added benny of now being able to track test users :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33504#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list