Make WordPress Core

Opened 5 years ago

Last modified 4 years ago

#48563 new enhancement

Changing site admin email address is backwards

Reported by: maguijo's profile maguijo Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: 2nd-opinion
Focuses: administration Cc:

Description

The current process for changing the admin email address in the General settings tab seems pretty sketchy to me.

Currently:

  1. Change the email address.
  2. Confirmation email is sent to the NEW admin.
  3. New admin confirms
  4. Email sent to OLD admin to inform him or her it was done.

It should be:

  1. Change the email address.
  2. Confirmation email sent to OLD admin to be sure it’s ok to change this very important information.
  3. Old admin confirms it’s ok (or freaks out and starts changing passwords because he or she did not initiate this process).
  4. Email is sent to NEW admin to accept the invite and to verify the address.
  5. NEW admin confirms address and accepts new responsibility.
  6. Email goes to old admin to let them know the process has been completed.

Change History (7)

#1 @SergeyBiryukov
5 years ago

  • Component changed from Administration to Users
  • Focuses administration added

#2 @knutsp
5 years ago

Old admin email may not work, and this may be the reason for changing it. Administrators are allowed to change the admin email. Confirmation is to ensure it's a working email address and that the new recipient acknowledges the responsibility.

Last edited 5 years ago by knutsp (previous) (diff)

#3 @johnbillion
5 years ago

  • Keywords 2nd-opinion added

Yeah the functionality is intended to allow a user to change their email address when they may no longer have access to the existing address on record. This is a fairly standard process for changing your email address on a web service - verify intent with the new address and then notify the old address.

This could be improved though - for example by providing a quick ability for the address to be reverted and for other logged in sessions to be revoked (both possible but not quickly).

#4 @SergeyBiryukov
4 years ago

#53093 was marked as a duplicate.

#5 @anonymized_17160716
4 years ago

@lars2923

As it stands, I as a hacker can change the address to my address and it is my address that received the email requesting acknowledgement, not yours.

You know, you can change the Network Admin Email on the /wp-admin/options.php page w/o any confirmations (admin_email and new_admin_email input fields), so it's definitely not a security measure.

added a notification sent to the old admin email address as well, to reduce the chances of a site compromise going unnoticed.

This notification can be suppressed in advance by blocking the sending of all messages using plugins or special code (if we are talking about a compromised resource).

Last edited 4 years ago by anonymized_17160716 (previous) (diff)

#6 @SergeyBiryukov
4 years ago

you can change the Network Admin Email on the /wp-admin/options.php page w/o any confirmations

Related: #47718

Last edited 4 years ago by SergeyBiryukov (previous) (diff)

#7 @lars2923
4 years ago

Perfect... That worked.. Thank you

Note: See TracTickets for help on using tickets.