[wp-trac] [WordPress Trac] #33759: An admin changing an email/password should not generate a notification
WordPress Trac
noreply at wordpress.org
Mon Sep 7 08:31:39 UTC 2015
#33759: An admin changing an email/password should not generate a notification
--------------------------+------------------------------
Reporter: smerriman | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.3
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by atomicjack):
Arguably, it is more secure...
If someone takes over an admin account, and changes account details of
other users, the users will be notified, and they will be able to say "hey
what's going on here?" and the actual admin may become aware that an admin
account has been hijacked, whereas otherwise they may not have been and it
may have taken longer.
I would say, keep the notification, but alter the actual wording if an
admin account made the change.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33759#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list