[wp-trac] [WordPress Trac] #46661: Add a control to hide "New Default Role" from WP ADMIN via WP Config
WordPress Trac
noreply at wordpress.org
Tue Mar 26 18:14:35 UTC 2019
#46661: Add a control to hide "New Default Role" from WP ADMIN via WP Config
-------------------------+-----------------------------
Reporter: gsh1923 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: major | Keywords:
Focuses: |
-------------------------+-----------------------------
Hi there
Recently there was a vulnerability detected in a plugin that we use.
What I found pretty nuts is that once the user had been created as an
admin it was possible for them to easily change the “default new user
role” setting by going over to General and changing the drop-down box.
I wondered therefore two things:
a) Is there a way that in wp-config some kind of special magic code would
mean that that particular part of the WP would be hidden if set, thus
meaning that the "Default New User Role" could only be changed with access
to FTP?
b) If not, some kind of internal security ping that gets sent out to the
site ADMIN in cases where the "Default New User Role" value is changed.
It was suggested that I write this here having posted to here:
https://wordpress.org/support/topic/new-default-role-wp-config-add-a-control/#post-11358317
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46661>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
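
One way to get both behaviours the ticket asks for, (a) and (b), using option hooks that already exist in core. This is an added example, not code from the ticket or from WordPress core; the constant name `LOCKED_DEFAULT_ROLE` is hypothetical, and the file is assumed to be installed as a must-use plugin.

```php
<?php
/**
 * Plugin Name: Lock Default Role (added example)
 *
 * Assumed location: wp-content/mu-plugins/lock-default-role.php
 * Assumed line in wp-config.php (hypothetical constant, not a core one):
 *   define( 'LOCKED_DEFAULT_ROLE', 'subscriber' );
 */

// (a) While the constant is defined, every read of default_role returns it,
// regardless of what is stored in the options table. The drop-down on the
// General settings screen still renders, but it shows the locked value.
add_filter( 'pre_option_default_role', function ( $pre ) {
    return defined( 'LOCKED_DEFAULT_ROLE' ) ? LOCKED_DEFAULT_ROLE : $pre;
} );

// Refuse writes as well: handing back the old value makes update_option()
// treat the save as "no change", so nothing is written to the database.
add_filter( 'pre_update_option_default_role', function ( $value, $old_value ) {
    return defined( 'LOCKED_DEFAULT_ROLE' ) ? $old_value : $value;
}, 10, 2 );

// (b) When the lock is not in use and the value does change, mail the
// site admin address with the old role, new role, and acting user.
add_action( 'update_option_default_role', function ( $old_value, $value ) {
    $user = wp_get_current_user();
    $who  = $user->exists() ? $user->user_login : 'unknown (no logged-in user)';

    wp_mail(
        get_option( 'admin_email' ),
        sprintf(
            '[%s] Default new user role changed',
            wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES )
        ),
        sprintf(
            "Old role: %s\nNew role: %s\nChanged by: %s\nTime (UTC): %s",
            $old_value,
            $value,
            $who,
            gmdate( 'c' )
        )
    );
}, 10, 2 );
```

Writes that bypass `update_option()`, such as direct SQL against the options table, trigger neither the write filter nor the notification, although the read filter still returns the locked value while the constant is defined.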