WordPress.org

Make WordPress Core

Opened 8 months ago

Last modified 8 months ago

#48563 new enhancement

Changing site admin email address is backwards

Reported by: maguijo Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Users Keywords: 2nd-opinion
Focuses: administration Cc:

Description

The current process for changing the admin email address in the General settings tab seems pretty sketchy to me.

Currently:

  1. Change the email address.
  2. Confirmation email is sent to the NEW admin.
  3. New admin confirms
  4. Email sent to OLD admin to inform him or her it was done.

It should be:

  1. Change the email address.
  2. Confirmation email sent to OLD admin to be sure it’s ok to change this very important information.
  3. Old admin confirms it’s ok (or freaks out and starts changing passwords because he or she did not initiate this process).
  4. Email is sent to NEW admin to accept the invite and to verify the address.
  5. NEW admin confirms address and accepts new responsibility.
  6. Email goes to old admin to let them know the process has been completed.

Change History (3)

#1 @SergeyBiryukov
8 months ago

  • Component changed from Administration to Users
  • Focuses administration added

#2 @knutsp
8 months ago

Old admin email may not work, and this may be the reason for changing it. Administrators are allowed to change the admin email. Confirmation is to ensure it's a working email address and that the new recipient acknowledges the responsibility.

Last edited 8 months ago by knutsp (previous) (diff)

#3 @johnbillion
8 months ago

  • Keywords 2nd-opinion added

Yeah the functionality is intended to allow a user to change their email address when they may no longer have access to the existing address on record. This is a fairly standard process for changing your email address on a web service - verify intent with the new address and then notify the old address.

This could be improved though - for example by providing a quick ability for the address to be reverted and for other logged in sessions to be revoked (both possible but not quickly).

Note: See TracTickets for help on using tickets.