Bug #2628
closedSpam User Changes Password
0%
Description
Hi Ray --
I received an email notification that a user marked as spam changed his/her/its password. How is that possible? My assumption was that users marked as spam would be locked out of the site. Please see attached screenshots, one of the notification email, the other of the member in the user list.
Files
Updated by Raymond Hoh almost 11 years ago
Hi Matt,
Sorry for missing this issue.
Just tested this locally on a multisite install and I can duplicate your report. The good thing is spammers cannot login, so resetting the password is relatively harmless (albeit a little annoying for super admins!).
Let me know what you want to do to address this problem.
Updated by Matt Gold almost 11 years ago
- Status changed from Assigned to Hold
- Priority name changed from High to Low
Hi Ray --
Okay, I'll put the ticket on hold, but can I suggest an upstream patch to WordPress? Happy to support the writing of such a patch on CUNY hours.
Updated by Raymond Hoh almost 11 years ago
Upstream patch created:
https://core.trac.wordpress.org/ticket/24617
In the interim, do you want me to create a small plugin to address this?
Updated by Matt Gold almost 11 years ago
Awesome! thanks, Ray. Not sure it's worth the time, since this only happened once and I'm nipping most spam registrants in the bud soon after they register. If it becomes a nuisance, maybe we can move forward with a plugin.
Updated by Raymond Hoh about 6 years ago
- Status changed from Hold to Resolved
This was fixed upstream in WordPress v4.6.0.