Make WordPress Core

Opened 14 years ago

Closed 9 years ago

#14644 closed feature request (wontfix)

Administrator should be able to change usernames

Reported by: holizz's profile holizz Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Users Keywords: dev-feedback close
Focuses: Cc:

Description

I can't think of any reason why administrators shouldn't be able to change usernames.

I do this occasionally (via SQL) and find that it causes no problems whatsoever (that I've noticed).

Change History (28)

#1 @ramiy
14 years ago

  • Component changed from General to Users

I think you can do this by using plugins.

#2 @Denis-de-Bernardy
14 years ago

One problem you could get, if you do this using the db while using memcached, is the the old value remains in the store until memory runs out.

#3 @nacin
14 years ago

  • Keywords close added

As Denis highlighted, this is a caching issue. Additionally, it also breaks URLs and such, which is why I don't think administrators should be able to do it either.

Seems simple enough to relegate to a plugin, or a straight DB edit.

Suggesting wontfix.

#4 @johanee
14 years ago

I think this functionality would be useful. But not so useful I'll implement it myself right now.

Depending on what you want to accomplish it is also a bit trickier than simply changing a value in DB -- if you want to do it right.

How to handle the interaction username, nicename, displayname should really be considered if any change were to be made in core WordPress.

One problem you could get, if you do this using the db while using memcached, is the the old value remains in the store until memory runs out.

Surely memcached allows invalidation. And we already have clean_user_cache($id).

... it also breaks URLs and such, which is why I don't think administrators should be able to do it either.

Administrators have plenty ways already to break URLs. :)

Furthermore URLs use user "nicename" values which are separate from (but constructed based on) username. From a security viewpoint it would actually be interesting to be able to set these separately.

Changing a username will of course make the users current auth cookie invalid.

#5 @jane
14 years ago

  • Type changed from defect (bug) to feature request

This is a feature request, not a bug report, since it currently functions as intended.

I'm with @nacin that it's still plugin territory for now. It's a handy feature, but not one that everyone needs all the time, and those that do are probably clever enough to install a plugin.

#6 @nacin
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

#7 @ryansatterfield
11 years ago

  • Keywords 2nd-opinion added
  • Resolution wontfix deleted
  • Status changed from closed to reopened

I believe this needs to be reopened. You should be able to change the username in the settings. In my opinion the username and nice name should be separate. I do not believe this should be in plugin territory, unless it is made by wordpressdotorg or wordpressdotcom. Plugins are exploited left and right, so it doesn't seem logical to keep this in the plugin territory, since it is editing a core part of WordPress.

So many people have the username admin and don't know how to change it.

#8 @SergeyBiryukov
11 years ago

  • Milestone set to Awaiting Review

#9 @knutsp
11 years ago

  • Cc knut@… added

#10 @alexvorn2
11 years ago

  • Cc alexvornoffice@… added

#11 @adamsilverstein
11 years ago

  • Cc ADAMSILVERSTEIN@… added

#12 @ryan
11 years ago

Changing user names break permalinks. If we did this we'd need to add old slug redirects for users.

#13 @knutsp
11 years ago

Changing categories and tags may also break permalinks, as long as the slug is also changed. An administrator can do a lot to harm permalinks if he doesn't know how they are built and the importance of keeping them permanent. For users the user_nicename is the slug. Just keep the slug and perhaps display it in user-edit.php.

#14 follow-up: @douglsmith
11 years ago

wordpress.com even allows users to change their username (with the caveat that you can never go back to the old one.) Anyone know how that is handled?

#15 in reply to: ↑ 14 ; follow-up: @alexvorn2
11 years ago

Replying to douglsmith:

wordpress.com even allows users to change their username (with the caveat that you can never go back to the old one.) Anyone know how that is handled?

on wordpress.com users are not admins.

#16 in reply to: ↑ 15 @kovshenin
11 years ago

Replying to alexvorn2:

on wordpress.com users are not admins.

They are admins, but not super admins.

#17 @SergeyBiryukov
11 years ago

Replying to ryansatterfield:

In my opinion the username and nice name should be separate.

Related: #24078

Last edited 11 years ago by SergeyBiryukov (previous) (diff)

#18 @ryansatterfield
11 years ago

  • Keywords close removed

Yes, they are related, but this was opened 3 years ago. Related #24078 was opened 7 hours ago.

#19 follow-up: @alexvorn2
11 years ago

The solution is simple: create a new user, make him admin too, and delete the "admin" user.

Last edited 11 years ago by alexvorn2 (previous) (diff)

#20 in reply to: ↑ 19 ; follow-up: @azaozz
11 years ago

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

#21 in reply to: ↑ 20 ; follow-up: @drewnorthup
10 years ago

Replying to azaozz:

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

Granted that, is there a chance for getting a simple monotonically increasing index key made the PK/FK data instead of the username? Perhaps sometime in 4.x?

#22 follow-up: @ideag
9 years ago

Are there any other problems, except for changes in permalinks, that could arise from allowing users/admins to change the usernames?
If not, I think a strongly worded remark next to the field/additional "are you sure?" confirmation loop should be sufficient to prevent users from doing this accidentaly.

#23 in reply to: ↑ 21 @chriscct7
9 years ago

Replying to drewnorthup:

Replying to azaozz:

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

Granted that, is there a chance for getting a simple monotonically increasing index key made the PK/FK data instead of the username? Perhaps sometime in 4.x?

That's the user_id

#24 in reply to: ↑ 22 ; follow-up: @chriscct7
9 years ago

Replying to ideag:

Are there any other problems, except for changes in permalinks, that could arise from allowing users/admins to change the usernames?
If not, I think a strongly worded remark next to the field/additional "are you sure?" confirmation loop should be sufficient to prevent users from doing this accidentaly.

Among other things, it's stored in post meta, and many plugins are built around the idea of usernames not changing. If they've stored the username and are doing lookups by username instead of the user_id you break all of those.

#25 @chriscct7
9 years ago

  • Keywords dev-feedback close added; 2nd-opinion removed

#26 @chriscct7
9 years ago

If the ability to change usernames, we'd need to make a transition_username function those plugins could hook into. However, we'd still be breaking older plugins that aren't updated or older installs of updated plugins. No good way around that except to do a full on database find and replace. There's plugins that do just that that are pretty good: https://wordpress.org/plugins/username-changer/

#27 in reply to: ↑ 24 @ideag
9 years ago

Replying to chriscct7:

Among other things, it's stored in post meta, and many plugins are built around the idea of usernames not changing. If they've stored the username and are doing lookups by username instead of the user_id you break all of those.

Sigh, thats why we can't have nice things... Any particular plugins doing just that (storing user_login and then doing lookups)? I just did a quick scan through a dozen or so of my sites and haven't found such instances, but my plugin usage is pretty limited - I mostly use popular, well coded stuff. I wonder how widespread this use-case actually is.

#28 @wonderboymusic
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from reopened to closed

I support the caution from 2 years ago

Note: See TracTickets for help on using tickets.