[wp-trac] [WordPress Trac] #34281: Allow admins to send users a 'Reset Password' link
WordPress Trac
noreply at wordpress.org
Mon Feb 22 13:56:35 UTC 2021
#34281: Allow admins to send users a 'Reset Password' link
-------------------------------------------------+-------------------------
Reporter: Ipstenu | Owner:
| adamsilverstein
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: 5.7
Component: Users | Version: 4.4
Severity: normal | Resolution:
Keywords: has-screenshots has-ux-feedback | Focuses: javascript
has-patch has-dev-note |
-------------------------------------------------+-------------------------
Comment (by carike):
I had a quick look at the P2 post. I agree that it would be preferable to
remove the IP address entirely.
The reasoning for this is that when a user requests a change of their own
password, they would have one of two legitimate interests in knowing the
information:
1.) It is their own IP address;
2.) Someone is possibly trying to phish / hack them and they have a
security-based interest.
Both of these are legitimate interests.
However, it is not desirable to give users access to the admin's IP
address. I would not even want users to have access to my username (I
would feel more comfortable if it included the display name, if any
details had to be included at all).
I'm also concerned that with many WordPress users not being very tech
savvy (and that is okay, that is the magic of crowd-sourcing code), this
feature may make it easier for bad actors to phish.
Banks have spent billions trying to teach people not to click on any links
in e-mails that you did not initiate yourself. :sunflower:
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34281#comment:103>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list