[wp-trac] [WordPress Trac] #46349: Is your this admin email still correct
WordPress Trac
noreply at wordpress.org
Tue Feb 26 12:15:29 UTC 2019
#46349: Is your this admin email still correct
-------------------------+-------------------------------------------------
Reporter: | Owner: (none)
andraganescu |
Type: feature | Status: new
request |
Priority: normal | Milestone: Awaiting Review
Component: | Version: 5.1
Administration | Keywords: 2nd-opinion needs-design ux-
Severity: normal | feedback
Focuses: |
-------------------------+-------------------------------------------------
Use a reminder type of notification that checks with the users that some
of their details in settings are still up to date.
== Rationale:
In the recent discussions on #core-php about the WSOD recovery and the
recovery email that should be sent, to announce that the site experienced
a fatal error and that they might be locked out of their website's admin,
some participants persistently raised the issue of the admin email being
either one of:
- outdated
- set to a catch all email address which is never checked
- set automatically by the host in the process of one-click-installs
Since the admin email is by all means the correct value to use when the
system decides to send that email we need to make sure we do our best to
keep it accurate and not a useless setting nobody cares for.
For now the whole discussion should be about the admin email setting, I
was unable to find another candidate so I am unsure if this would require
an extensibility API of some kind. However perhaps some plugins like the
ones for 2FA could use it.
== Solution
We could have a small notification that is triggered by either one of:
- a certain amount of time since the last login
- a certain amount of time since the last notification was displayed
This notification explains that some settings are important and need to be
revised in order to ensure the security and well functioning of their
site. Then it asks about the setting and if it is correct.
== Similar approaches
Many current online apps use this style of notification to prompt the user
into checking their email, phone number, secondary addresses, even credit
card details. This helps prevent many unwanted issues. Of course now I was
unable to find the exact screens I am talking about, but I am sure others
have seen them :D
== How it works
This can be either one or all of:
- a top bar that leads to a screen where these options can be updated,
least invasive
- a section in the dashboard that does not disappear until it is confirmed
or updated, medium invasive
- a screen right after login that cannot be bypassed until it is confirmed
or updated, hardcore! This screen only shows up if the logging in user has
the required cap to edit the settings.
We could store the confirmation flag and date using the option API and use
WP Cron to check these options once in a while. For the most invasive
implementation option then the auth flow needs to be updated to check for
the options.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46349>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list