[wp-trac] [WordPress Trac] #40081: Remove wp-admin links from all Core emails

WordPress Trac noreply at wordpress.org
Tue Jul 15 21:12:50 UTC 2025 

#40081: Remove wp-admin links from all Core emails
-------------------------+------------------------------
 Reporter:  iandunn      |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Mail         |     Version:
 Severity:  minor        |  Resolution:
 Keywords:  2nd-opinion  |     Focuses:  administration
-------------------------+------------------------------

Comment (by SirLouen):

 Replying to [comment:5 johnbillion]:
 > This ticket went eight years without any further interest. Is this
 really an issue?

 I've not checked yet the format of every single email being sent by the
 system, only spotted one case that triggers this, the new site
 registration email.

 But its kind of weird, because there is an ongoing bug with block themes
 that throw a couple warning messages when you go into the new site
 registration form. So here we can probably find out, that probably this
 feature is being used by, around -10% of the total users.

 And maybe this is the sole email that includes the `/wp-
 admin/networtk/...` part that triggers this antispam rule. This is why I
 switched the severity to `Minor` until I trigger all emails in the system
 and see if its relevant or not.

 Finally let's be aware that prob, most MS users are not newbs with WP
 because, overall its a pretty advanced feature (from that 40% reported
 share I would like to know how much of MS are, prob less than 0.1%, not MS
 users, but MS administrators) and they might have already heavily
 personalized their emails so it might not be happening to them.

 Still, as suggested by SpamAssassin, adding `wp-admin` to emails overall
 is a bad practice as it has been spotted as a classic pishing technique.
 So maybe, we should consider it just in case we have some dangling emails
 that should be doing this just for the health and security of the project,
 right?

 Let me get some findings and I will report back as soon as I have them.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/40081#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list