[wp-trac] [WordPress Trac] #43936: Settings: Warn when open registration and new user default is privileged
WordPress Trac
noreply at wordpress.org
Wed Jan 17 16:41:34 UTC 2024
#43936: Settings: Warn when open registration and new user default is privileged
-------------------------------------+-----------------------------
Reporter: kraftbj | Owner: SergeyBiryukov
Type: feature request | Status: reviewing
Priority: normal | Milestone: Future Release
Component: Security | Version:
Severity: major | Resolution:
Keywords: has-patch needs-refresh | Focuses: administration
-------------------------------------+-----------------------------
Comment (by arunu1996):
Replying to [comment:18 eatingrules]:
> I'd like to add another vote here to not allow new user default roles to
> be Editor or Administrator if "Anyone can register" is enabled.
>
> We had a client this morning discover that all new accounts on her site
> were being created as Administrators... She became aware of it only once a
> customer pointed out to her that she had been granted Admin access after
> she purchased. We have no idea when/how/why the default setting changed
> to Administrator (thankfully, at this point haven't found any evidence of
> other malicious behavior).
>
> Thanks!
>
This same thing happened to one of our clients last week.
I suggest preventing new user roles from being set as Editor or
Administrator when the "Anyone can register" option is enabled.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43936#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
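
An added example, not the patch attached to this ticket and not WordPress core code: a site-level must-use plugin that applies the check discussed above on a single-site install. The `orrg_` names, the list of capabilities treated as privileged, and the fallback to `subscriber` are assumptions of this example.

```php
<?php
/**
 * Plugin Name: Open Registration Role Guard (added example, hypothetical)
 * Drop into wp-content/mu-plugins/. Assumes a single-site install.
 */

// Assumption: a role holding any of these capabilities counts as privileged.
const ORRG_PRIVILEGED_CAPS = array( 'manage_options', 'edit_users', 'promote_users', 'edit_others_posts' );

// True when the named role exists and grants a privileged capability.
function orrg_role_is_privileged( $role_name ) {
	$role = get_role( (string) $role_name );
	if ( null === $role ) {
		return false; // Unknown role name: nothing to grant.
	}
	foreach ( ORRG_PRIVILEGED_CAPS as $cap ) {
		if ( $role->has_cap( $cap ) ) {
			return true;
		}
	}
	return false;
}

// Runs whenever the default_role option is read. If "Anyone can register"
// is on and the stored role is privileged, hand back subscriber instead and
// remember the stored value so administrators can be warned.
function orrg_filter_default_role( $role ) {
	if ( get_option( 'users_can_register' ) && orrg_role_is_privileged( $role ) ) {
		$GLOBALS['orrg_blocked_role'] = $role;
		return 'subscriber';
	}
	return $role;
}
add_filter( 'option_default_role', 'orrg_filter_default_role' );

// Show the warning on every admin screen until the setting is corrected.
function orrg_admin_notice() {
	get_option( 'default_role' ); // Triggers the filter above.
	if ( empty( $GLOBALS['orrg_blocked_role'] ) || ! current_user_can( 'manage_options' ) ) {
		return;
	}
	printf(
		'<div class="notice notice-error"><p>%s</p></div>',
		esc_html( sprintf(
			'Registration is open and the New User Default Role is "%s". New accounts are being created as Subscriber until this is changed under Settings > General.',
			$GLOBALS['orrg_blocked_role']
		) )
	);
}
add_action( 'admin_notices', 'orrg_admin_notice' );
```

Because the filter also applies when the General Settings screen reads the option, the role dropdown there shows Subscriber while the guard is active; the notice reports the value actually stored.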