WordPress.org

Make WordPress Core

Opened 23 months ago

Last modified 3 months ago

#48879 new enhancement

Changing Site Admin Email Assumes Username and Who Took the Action (which may be incorrect)

Reported by: MadtownLems Owned by:
Milestone: Future Release Priority: normal
Severity: minor Version: 5.3
Component: Users Keywords: good-first-bug has-patch dev-feedback
Focuses: multisite Cc:

Description

(Note that this is on MultiSite and I don't know exactly how it functions on a single site install.)

I think the email message that is sent when someone updates a Site Admin Email Address should be modified as to NOT be addressed: Dear CURRENT_USER_NAME, and shouldn't say that "YOU" have recently requested to update the email.

If I want to change the site admin email for a site, the confirmation email goes to the new email address (say, a client), but the email says "Dear MadtownLems,". We have had a few cases now where these emails alarmed users and thought they were phishing attempts or had been hacked.

This is very confusing for our users, as they have received an email addressed to someone else, and it tells them that they tried to do something that they may not have tried to do. Rather, I believe the text would be much cleaner if it said something like:

"Someone ('MadtownLems') has requested to update the email address for the site..."

Attachments (1)

48879.diff (696 bytes) - added by ilovecats7 4 months ago.

Download all attachments as: .zip

Change History (8)

#1 @sabernhardt
12 months ago

  • Component changed from General to Users
  • Focuses multisite added

#2 @johnbillion
12 months ago

  • Keywords good-first-bug added; 2nd-opinion removed
  • Milestone changed from Awaiting Review to Future Release

Agreed this needs improving. There are other email notifications that work like this too, eg. the "Delete My Site" one is worded the same.

#3 @ilovecats7
4 months ago

I took a look at this ticket and wasn't able to reproduce this issue. The message I'm getting when changing a site admin email is:

'Hi ###USERNAME###,

This notice confirms that your email address on ###SITENAME### was changed to ###NEW_EMAIL###.

If you did not change your email, please contact the Site Administrator at
###ADMIN_EMAIL###

This email has been sent to ###EMAIL###

Regards,
All at ###SITENAME###
###SITEURL###'

It appears that this was fixed in a recent update in WordPress. If not, can you please explain how to reproduce this bug?

Is there anything else needed to be done on this ticket?

#4 @MadtownLems
4 months ago

The email message you have quoted is changing the email address of your user account. This ticket is about changing the Site Administration email address.

I confirmed this issue still exists on 5.8-RC-2

To reproduce:

1) Have a multisite environment.
2) Go to a subsite, Settings->General, and attempt to change the site administration email address.

The newly entered site administration email address will get a message that states:

"Howdy (USERNAME OF SOMEONE THAT MIGHT NOT BE THE ONE GETTING THIS EMAIL),

You recently requested to have..."

But again, this makes a huge assumption that the recipient of this email took the action. When they didn't, this is a very concerning email, as it makes people think that security has been compromised.

To summarize, the two issues with the email:

1) It is addressed to the username of the currently logged in user, even when that user is changing the site administration email address to someone else.
2) It says "YOU recently..." when there's no reason to believe that the owner of the new site administration email address actually took the action to trigger this email.

@ilovecats7
4 months ago

#5 @ilovecats7
4 months ago

  • Keywords has-patch dev-feedback added; needs-patch removed

@MadtownLems thanks for the clarification. I submitted a patch with proposed changes.

#6 @MadtownLems
4 months ago

I like those changes, thanks!

I was hesitant to do a patch for this because I'm not sure what's all involved in changing text (if you have to factor in translations, etc)

#7 @ilovecats7
3 months ago

You're welcome. Now that you mention it, I'm not sure about that either. Maybe someone with more experience will chime in on this :)

Note: See TracTickets for help on using tickets.