[wp-trac] [WordPress Trac] #60258: Security Concern and Enhancement Request: Disable Admin Role Assignment on User Registration
WordPress Trac
noreply at wordpress.org
Tue Jan 16 08:38:43 UTC 2024
#60258: Security Concern and Enhancement Request: Disable Admin Role Assignment on
User Registration
-------------------------+---------------------------------
Reporter: arunu1996 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 6.4.2
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: ui, administration
-------------------------+---------------------------------
Changes (by benniledl):
* keywords: => needs-patch
* focuses: administration => ui, administration
* component: Security => Users
Comment:
Hey! In **my humble opinion, removing this feature is not a good idea**.
Some plugins, such as WooCommerce or bbPress, add custom user roles, and
depending on the site's needs, a role must be auto-assigned.
You do make a valid point, though; the combination of allowing anyone to
register and auto-assigning the administrator role is risky. While I
believe that site administrators are generally aware that this is not a
secure configuration, mistakes can still happen.
Therefore, I think **adding an extra warning is a very good idea**!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60258#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
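
One way the extra warning discussed in this comment could look, written as an added example (not code from the ticket, from WordPress core, or from any plugin named above). It assumes a single-site install, where open registration is the `users_can_register` option and the auto-assigned role is the `default_role` option. The `ordw_` names and the list of capabilities treated as high privilege are hypothetical choices made for this sketch. It inspects the capabilities of the default role rather than its name, so custom roles added by plugins are covered too.

```php
<?php
/**
 * Plugin Name: Open Registration Default Role Warning (added example)
 */

// Assumption: capabilities treated as "high privilege" for this check.
const ORDW_RISKY_CAPS = array(
	'manage_options', 'promote_users', 'edit_users', 'create_users',
	'install_plugins', 'edit_plugins', 'edit_themes',
);

/**
 * Returns the risky capabilities granted by the default role.
 * Empty array when registration is closed or the role is harmless.
 */
function ordw_risky_default_role_caps() {
	// Stored as '0' or '1'; '0' is falsy in PHP.
	if ( ! get_option( 'users_can_register' ) ) {
		return array();
	}
	$role = get_role( get_option( 'default_role' ) );
	if ( null === $role ) {
		return array(); // Role no longer exists (e.g. its plugin was removed).
	}
	// Keep only capabilities that are actually granted (value true).
	$granted = array_keys( array_filter( $role->capabilities ) );
	return array_values( array_intersect( ORDW_RISKY_CAPS, $granted ) );
}

/** Shows the warning to users who are able to change the setting. */
function ordw_admin_notice() {
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}
	$caps = ordw_risky_default_role_caps();
	if ( empty( $caps ) ) {
		return;
	}
	$message = sprintf(
		'Anyone can register, and new users receive the "%s" role, which grants: %s.',
		get_option( 'default_role' ),
		implode( ', ', $caps )
	);
	printf( '<div class="notice notice-error"><p>%s</p></div>', esc_html( $message ) );
}
add_action( 'admin_notices', 'ordw_admin_notice' );
```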