Changes between Version 2 and Version 3 of Ticket #46349, comment 31
- Timestamp:
- 06/04/2019 03:46:05 AM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #46349, comment 31
v2 v3 8 8 It's used in just one place so this would work well. 9 9 10 Thinking it's not a good idea to do `delete_option( 'admin_email_lifespan' );` at the top of wp-login.php. If the option has been deleted, it will go to the DB to try and get it again, and that file may be a subject of brute force login attempts :)10 Thinking it's not a good idea to do `delete_option( 'admin_email_lifespan' );` at the top of wp-login.php. If the option has been deleted, it will go to the DB to try and get it again, and that file may be a subject of brute force login attempts. 11 11 12 12 Maybe we can keep the option and set it to some value (this is actually the "recommended way" to use options, make sure they exist at all times and don't change the value (write to the DB) for non-authenticated users). That will also remove the need to delete it. 13 13 14 Also wondering if plugins should be able to remove the whole check. This is a good security feature. If we add a filter for `ADMIN_EMAIL_MAX_AGE`, perhaps this should be hard-coded, not added with a filter on `'login_redirect'`. 15 14 16 The rest is minor/nitpicks :) Generally HTML tags should be avoided in translatable strings. Think there was something in the coding standards against nested single `if` (but may be mixing that with the JS linting/coding standards). 17 18