Default registration assumptions in WP Multisite
|Reported by:||terryjsmith||Owned by:||nacin|
By default, when you create a new site, it does not set the "registration" site meta key. However, in wp-signup.php by default it assumes it to "all" and allows users and sites to be created (line 381):
// Main $active_signup = get_site_option( 'registration' ); if ( !$active_signup ) $active_signup = 'all';
However, in the network settings page, by default it sets it to none (line 75):
if ( !get_site_option( 'registration' ) ) update_site_option( 'registration', 'none' );
With the new simple flow from a standalone to multi-site installation, new blogs should likely have it set to none by default or it should be an option during set up.
Props to leenewton for discovery.
Change History (9)
6 years ago
- Component changed from General to Security
- Severity changed from major to normal