WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 3 months ago

#14644 reopened feature request

Administrator should be able to change usernames

Reported by: holizz Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: dev-feedback close
Focuses: Cc:

Description

I can't think of any reason why administrators shouldn't be able to change usernames.

I do this occasionally (via SQL) and find that it causes no problems whatsoever (that I've noticed).

Change History (27)

comment:1 @ramiy5 years ago

  • Component changed from General to Users

I think you can do this by using plugins.

comment:2 @Denis-de-Bernardy5 years ago

One problem you could get, if you do this using the db while using memcached, is the the old value remains in the store until memory runs out.

comment:3 @nacin5 years ago

  • Keywords close added

As Denis highlighted, this is a caching issue. Additionally, it also breaks URLs and such, which is why I don't think administrators should be able to do it either.

Seems simple enough to relegate to a plugin, or a straight DB edit.

Suggesting wontfix.

comment:4 @johanee5 years ago

I think this functionality would be useful. But not so useful I'll implement it myself right now.

Depending on what you want to accomplish it is also a bit trickier than simply changing a value in DB -- if you want to do it right.

How to handle the interaction username, nicename, displayname should really be considered if any change were to be made in core WordPress.

One problem you could get, if you do this using the db while using memcached, is the the old value remains in the store until memory runs out.

Surely memcached allows invalidation. And we already have clean_user_cache($id).

... it also breaks URLs and such, which is why I don't think administrators should be able to do it either.

Administrators have plenty ways already to break URLs. :)

Furthermore URLs use user "nicename" values which are separate from (but constructed based on) username. From a security viewpoint it would actually be interesting to be able to set these separately.

Changing a username will of course make the users current auth cookie invalid.

comment:5 @jane5 years ago

  • Type changed from defect (bug) to feature request

This is a feature request, not a bug report, since it currently functions as intended.

I'm with @nacin that it's still plugin territory for now. It's a handy feature, but not one that everyone needs all the time, and those that do are probably clever enough to install a plugin.

comment:6 @nacin5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

comment:7 @ryansatterfield3 years ago

  • Keywords 2nd-opinion added
  • Resolution wontfix deleted
  • Status changed from closed to reopened

I believe this needs to be reopened. You should be able to change the username in the settings. In my opinion the username and nice name should be separate. I do not believe this should be in plugin territory, unless it is made by wordpressdotorg or wordpressdotcom. Plugins are exploited left and right, so it doesn't seem logical to keep this in the plugin territory, since it is editing a core part of WordPress.

So many people have the username admin and don't know how to change it.

comment:8 @SergeyBiryukov3 years ago

  • Milestone set to Awaiting Review

comment:9 @knutsp3 years ago

  • Cc knut@… added

comment:10 @alexvorn23 years ago

  • Cc alexvornoffice@… added

comment:11 @adamsilverstein3 years ago

  • Cc ADAMSILVERSTEIN@… added

comment:12 @ryan3 years ago

Changing user names break permalinks. If we did this we'd need to add old slug redirects for users.

comment:13 @knutsp3 years ago

Changing categories and tags may also break permalinks, as long as the slug is also changed. An administrator can do a lot to harm permalinks if he doesn't know how they are built and the importance of keeping them permanent. For users the user_nicename is the slug. Just keep the slug and perhaps display it in user-edit.php.

comment:14 follow-up: @douglsmith3 years ago

wordpress.com even allows users to change their username (with the caveat that you can never go back to the old one.) Anyone know how that is handled?

comment:15 in reply to: ↑ 14 ; follow-up: @alexvorn23 years ago

Replying to douglsmith:

wordpress.com even allows users to change their username (with the caveat that you can never go back to the old one.) Anyone know how that is handled?

on wordpress.com users are not admins.

comment:16 in reply to: ↑ 15 @kovshenin3 years ago

Replying to alexvorn2:

on wordpress.com users are not admins.

They are admins, but not super admins.

comment:17 @SergeyBiryukov2 years ago

Replying to ryansatterfield:

In my opinion the username and nice name should be separate.

Related: #24078

Last edited 2 years ago by SergeyBiryukov (previous) (diff)

comment:18 @ryansatterfield2 years ago

  • Keywords close removed

Yes, they are related, but this was opened 3 years ago. Related #24078 was opened 7 hours ago.

comment:19 follow-up: @alexvorn22 years ago

The solution is simple: create a new user, make him admin too, and delete the admin user.

Version 0, edited 2 years ago by alexvorn2 (next)

comment:20 in reply to: ↑ 19 ; follow-up: @azaozz2 years ago

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

comment:21 in reply to: ↑ 20 ; follow-up: @drewnorthup18 months ago

Replying to azaozz:

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

Granted that, is there a chance for getting a simple monotonically increasing index key made the PK/FK data instead of the username? Perhaps sometime in 4.x?

comment:22 follow-up: @ideag3 months ago

Are there any other problems, except for changes in permalinks, that could arise from allowing users/admins to change the usernames?
If not, I think a strongly worded remark next to the field/additional "are you sure?" confirmation loop should be sufficient to prevent users from doing this accidentaly.

comment:23 in reply to: ↑ 21 @chriscct73 months ago

Replying to drewnorthup:

Replying to azaozz:

Replying to alexvorn2:

Which will break permalinks even more than changing the username along with a lot of other stuff, like some post meta, where the user ID is stored.

Granted that, is there a chance for getting a simple monotonically increasing index key made the PK/FK data instead of the username? Perhaps sometime in 4.x?

That's the user_id

comment:24 in reply to: ↑ 22 ; follow-up: @chriscct73 months ago

Replying to ideag:

Are there any other problems, except for changes in permalinks, that could arise from allowing users/admins to change the usernames?
If not, I think a strongly worded remark next to the field/additional "are you sure?" confirmation loop should be sufficient to prevent users from doing this accidentaly.

Among other things, it's stored in post meta, and many plugins are built around the idea of usernames not changing. If they've stored the username and are doing lookups by username instead of the user_id you break all of those.

comment:25 @chriscct73 months ago

  • Keywords dev-feedback close added; 2nd-opinion removed

comment:26 @chriscct73 months ago

If the ability to change usernames, we'd need to make a transition_username function those plugins could hook into. However, we'd still be breaking older plugins that aren't updated or older installs of updated plugins. No good way around that except to do a full on database find and replace. There's plugins that do just that that are pretty good: https://wordpress.org/plugins/username-changer/

comment:27 in reply to: ↑ 24 @ideag3 months ago

Replying to chriscct7:

Among other things, it's stored in post meta, and many plugins are built around the idea of usernames not changing. If they've stored the username and are doing lookups by username instead of the user_id you break all of those.

Sigh, thats why we can't have nice things... Any particular plugins doing just that (storing user_login and then doing lookups)? I just did a quick scan through a dozen or so of my sites and haven't found such instances, but my plugin usage is pretty limited - I mostly use popular, well coded stuff. I wonder how widespread this use-case actually is.

Note: See TracTickets for help on using tickets.