Added by Matt Gold almost 11 years ago. Updated about 6 years ago.
0%
Description
Hi Ray --
I received an email notification that a user marked as spam changed his/her/its password. How is that possible? My assumption was that users marked as spam would be locked out of the site. Please see attached screenshots, one of the notification email, the other of the member in the user list.
Files
| Screen Shot 2013-06-13 at 7.35.27 AM.png (30.8 KB) Screen Shot 2013-06-13 at 7.35.27 AM.png | Matt Gold, 2013-06-13 07:37 AM | ||
| Screen Shot 2013-06-13 at 7.36.37 AM.png (26.8 KB) Screen Shot 2013-06-13 at 7.36.37 AM.png | Matt Gold, 2013-06-13 07:37 AM |
Hi Matt,
Sorry for missing this issue.
Just tested this locally on a multisite install and I can duplicate your report. The good thing is spammers cannot login, so resetting the password is relatively harmless (albeit a little annoying for super admins!).
Let me know what you want to do to address this problem.
Hi Ray --
Okay, I'll put the ticket on hold, but can I suggest an upstream patch to WordPress? Happy to support the writing of such a patch on CUNY hours.
Upstream patch created:
https://core.trac.wordpress.org/ticket/24617
In the interim, do you want me to create a small plugin to address this?
Awesome! thanks, Ray. Not sure it's worth the time, since this only happened once and I'm nipping most spam registrants in the bud soon after they register. If it becomes a nuisance, maybe we can move forward with a plugin.
This was fixed upstream in WordPress v4.6.0.
