#32430 closed task (blessed) (fixed)
Users should be notified of password/e-mail changes
Reported by: | markjaquith | Owned by: | markjaquith |
---|---|---|---|
Milestone: | 4.3 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Security | Keywords: | close |
Focuses: | Cc: |
Description
We should avoid silent account compromises be notifying users when their password or e-mail address is changed.
Attachments (9)
Change History (37)
This ticket was mentioned in Slack in #core-passwords by mark. View the logs.
9 years ago
This ticket was mentioned in Slack in #core-passwords by rmarks. View the logs.
9 years ago
#3
@
9 years ago
@rmarks this is good. I think we will have a few people want to alter the wording a bit but otherwise, I think it is good.
This ticket was mentioned in Slack in #core by mark. View the logs.
9 years ago
This ticket was mentioned in Slack in #core-passwords by mark. View the logs.
9 years ago
#7
@
9 years ago
The password change notification wasn't working, because it was added to the lost/reset portion of the code. I moved it to wp_update_user()
. Reworded it a little bit.
This ticket was mentioned in Slack in #core by mark. View the logs.
9 years ago
#10
@
9 years ago
I've changed it slightly to modify the filters a bit so it's possible to disable the emails and filter all of the wp_mail params.
Eg use cases: send only one email if both password and email modified, disable send if user on email server blacklist, give a notice if the new email address is blocked similarly.
#11
@
9 years ago
The above comment is actually not true, it just avoids the warning/notice when they're not set.
#12
@
9 years ago
- Owner set to markjaquith
- Resolution set to fixed
- Status changed from new to closed
In 32820:
#13
@
9 years ago
- Keywords 2nd-opinion added; has-patch needs-testing removed
- Resolution fixed deleted
- Status changed from closed to reopened
I think some improvements can be made to the text in these emails.
- The "Notice of Password Change" and "Notice of Email Change" subject lines sound a bit clunky. A better phrase would be something like "Email Changed" or "Your email address has been changed".
- The phrase "If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL###" does not make any sense if I am the only user on the site, or if I am the site administrator. How about some logic to only include this line when appropriate? ("Site Administrator" probably shouldn't be capitalised either.)
- The "Regards, All at ###SITENAME###" signature is indeed similar to the signature that's present in other emails that get sent out, but again it's not appropriate if I'm the only user on the site. Seeing as this is an automated security information email, and does not actually include the regards of anyone, I think this can be dropped. Maybe just leave the site URL in the signature.
#14
follow-up:
↓ 25
@
9 years ago
- Keywords has-patch added
32430.filters.diff improves the newly added filter docs and changes the name of the send_pass_change_email
filter to send_password_change_email
.
#15
@
9 years ago
- Looking at the limited sample of emails I've received, "Email Address Change" seems to be most often used - it should be short enough to make sense when looking at a phone's inbox.
- I'd send the same emails to everyone. Seeing the exact email everyone else is getting is useful and to test user or role dependent emails it's necessary to make a new account. It'd be nice not to have to do that here as this is such a basic feature. It's also a bit of a double check on the admin email address - as this isn't tied to a user, it can be easy to forget to update it when updating your email address if you're the site administrator (or that might just be me...). Agree that changing the capitalisation would be good.
#17
@
9 years ago
Another issue: a password change notification email will be sent out if a password is specified when adding a new user.
#18
@
9 years ago
I will take a look at this today and get the new user + specified password worked out.
#19
@
9 years ago
Looked into this and chatted with @johnbillion and it does not send the password notification email on new user creation.
#21
@
9 years ago
- Keywords needs-patch added; has-patch removed
@MikeHansenMe could you create a patch to address these issues?
#23
@
9 years ago
- Keywords close added; 2nd-opinion needs-patch removed
Just chatted with @obenland about this. It not sending the email is expected because the password was specified. Based on sending reset links instead of plain text passwords, this is expected behavior. I think we are all done here based on the original intent of the ticket.
#25
in reply to:
↑ 14
@
9 years ago
Replying to johnbillion:
32430.filters.diff improves the newly added filter docs and changes the name of the
send_pass_change_email
filter tosend_password_change_email
.
Can the main idea of this patch get a second look? The current name send_pass_change_email
is just terrible.
First draft of password notice to user.