Open mahnunchik opened 4 years ago
Hi, thank you for sharing your thoughts,
This issue (if there is an issue) should be addressed on the whole WordPress project, and not only for this feature plugin. I'd recommend to open a Trac ticket for this 🙂
Also, please note that since WordPress 5.3, there is already an email verification system.
Cheers, Jb
Hi @audrasjb
Ok, I will open a Trac ticket.
Email verification system is good, but there is The email is correct
security killer button... I'm fixing right now one more website with admin@admin.com
admin email address 🤦
As discussed on the previous devchat in case of failed update/rollback there are email notifications.
Idea is good: any errors related to Core, Plugin or Theme update should be reported to an email of admin as soon as possible.
But in the real world there are too few properly configured mail servers in wordpress and servers at all. Actually there is no good documentation how to set up email: https://wordpress.org/search/mail
In addition there are a lot of lazy administrators with email addresses like admin@example.com or something similar.
Thus so many really important mails about failed update/rollback will be send to
/dev/null
. It is security issue because website will be inconsistent state indefinite amount of time (for example login plugin not updated and not rollbacked).