[wp-trac] [WordPress Trac] #60258: Security Concern and Enhancement Request: Disable Admin Role Assignment on User Registration
WordPress Trac
noreply at wordpress.org
Mon Jan 15 17:06:03 UTC 2024
#60258: Security Concern and Enhancement Request: Disable Admin Role Assignment on
User Registration
----------------------------+-----------------------------
Reporter: arunu1996 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.4.2
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
Hi,
I recently identified a potential security threat in WordPress related to
the **"Anyone can register"** setting under **General Settings**.
Currently, when this setting is enabled, new users can be assigned the
**Administrator** role during registration, posing a security risk.
I propose the addition of an option in the ''wp-config.php'' file to
disable the assignment of the **Administrator** role option for the **New
User Default role** field in general settings. This would provide an extra
layer of security for WordPress websites.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60258>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list