Bug #2628

Spam User Changes Password

Added by Matt Gold over 8 years ago. Updated almost 4 years ago.

Priority name:
Start date:
Due date:
% Done:


Estimated time:


Hi Ray --

I received an email notification that a user marked as spam changed his/her/its password. How is that possible? My assumption was that users marked as spam would be locked out of the site. Please see attached screenshots, one of the notification email, the other of the member in the user list.


#1 Updated by Raymond Hoh over 8 years ago

Hi Matt,

Sorry for missing this issue.

Just tested this locally on a multisite install and I can duplicate your report. The good thing is spammers cannot login, so resetting the password is relatively harmless (albeit a little annoying for super admins!).

Let me know what you want to do to address this problem.

#2 Updated by Matt Gold over 8 years ago

  • Status changed from Assigned to Hold
  • Priority name changed from High to Low

Hi Ray --

Okay, I'll put the ticket on hold, but can I suggest an upstream patch to WordPress? Happy to support the writing of such a patch on CUNY hours.

#3 Updated by Raymond Hoh over 8 years ago

Upstream patch created:

In the interim, do you want me to create a small plugin to address this?

#4 Updated by Matt Gold over 8 years ago

Awesome! thanks, Ray. Not sure it's worth the time, since this only happened once and I'm nipping most spam registrants in the bud soon after they register. If it becomes a nuisance, maybe we can move forward with a plugin.

#5 Updated by Raymond Hoh almost 4 years ago

  • Status changed from Hold to Resolved

This was fixed upstream in WordPress v4.6.0.

Also available in: Atom PDF