Opened 4 years ago
Last modified 2 years ago
#48879 new enhancement
Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect)
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Future Release | Priority: | normal |
| Severity: | minor | Version: | 5.3 |
| Component: | Users | Keywords: | good-first-bug has-patch dev-feedback |
| Focuses: | multisite | Cc: |
Description
(Note that this is on MultiSite and I don't know exactly how it functions on a single site install.)
I think the email message that is sent when someone updates a Site Admin Email Address should be modified as to NOT be addressed: Dear CURRENT_USER_NAME, and shouldn't say that "YOU" have recently requested to update the email.
If I want to change the site admin email for a site, the confirmation email goes to the new email address (say, a client), but the email says "Dear MadtownLems,". We have had a few cases now where these emails alarmed users and thought they were phishing attempts or had been hacked.
This is very confusing for our users, as they have received an email addressed to someone else, and it tells them that they tried to do something that they may not have tried to do. Rather, I believe the text would be much cleaner if it said something like:
"Someone ('MadtownLems') has requested to update the email address for the site..."
Attachments (2)
Change History (9)
#2
@
3 years ago
- Keywords good-first-bug added; 2nd-opinion removed
- Milestone changed from Awaiting Review to Future Release
#3
@
2 years ago
I took a look at this ticket and wasn't able to reproduce this issue. The message I'm getting when changing a site admin email is:
'Hi ###USERNAME###, This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###'
It appears that this was fixed in a recent update in WordPress. If not, can you please explain how to reproduce this bug?
Is there anything else needed to be done on this ticket?
#4
@
2 years ago
The email message you have quoted is changing the email address of your user account. This ticket is about changing the Site Administration email address.
I confirmed this issue still exists on 5.8-RC-2
To reproduce:
1) Have a multisite environment.
2) Go to a subsite, Settings->General, and attempt to change the site administration email address.
The newly entered site administration email address will get a message that states:
"Howdy (USERNAME OF SOMEONE THAT MIGHT NOT BE THE ONE GETTING THIS EMAIL),
You recently requested to have..."
But again, this makes a huge assumption that the recipient of this email took the action. When they didn't, this is a very concerning email, as it makes people think that security has been compromised.
To summarize, the two issues with the email:
1) It is addressed to the username of the currently logged in user, even when that user is changing the site administration email address to someone else.
2) It says "YOU recently..." when there's no reason to believe that the owner of the new site administration email address actually took the action to trigger this email.
#5
@
2 years ago
- Keywords has-patch dev-feedback added; needs-patch removed
@MadtownLems thanks for the clarification. I submitted a patch with proposed changes.
#6
@
2 years ago
I like those changes, thanks!
I was hesitant to do a patch for this because I'm not sure what's all involved in changing text (if you have to factor in translations, etc)
Agreed this needs improving. There are other email notifications that work like this too, eg. the "Delete My Site" one is worded the same.