Mitigate risk from inactive editors/admins #185

@iandunn

Is your enhancement related to a problem? Please describe.

Over time, a site can accumulate a lot of editors & admins, some of whom may not even work for the organization anymore. That increases the risk of a compromised account being used to attack the site.

(I'll just say "admins" for the rest of the issue as a shorthand, but I think editors should be included in this group, because they have unfiltered_html, etc. On Multisite installs, super admins should be included as well.)

Designs

No response

Describe alternatives you've considered

These are some potential solutions:

  • Periodically send a notification to the site admin with a list of admins who haven't logged in recently. Something like 3 months might be a good default value.

  • Add an item to the Site Health page with a list of inactive admins. It could have a button to demote all of them to the Subscriber role, and also buttons next to each username to demote that individual user. The notification email above could link to this page.

  • Have a setting to automatically demote inactive admins to the Subscriber role. An email could be sent to the site owner with the list of users. That way the owner doesn't have to do any proactive work, but they have the opportunity to restore access to anyone that should still have it.

Demoting to the Subscriber role is better than deleting users, because it won't re-assign posts that they created.

There are probably some plugins out there that already do some of that, but I think it'd be a valuable feature to have on every site, similar to the password strength feature. Those plugins could be used as inspiration, though.

Code of Conduct

  • I agree to follow this project's Code of Conduct
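
Added example (not part of the original issue and not the project's code): a WordPress plugin sketch of the third option above, covering administrators and editors on a single site. WordPress core does not record login times, so the sketch stores one on each login. The meta key, option name, cron hook name, 90-day threshold, every `example_*` name and the rule that the `admin_email` account is never demoted are assumptions; Multisite super admins are not handled.

```php
<?php
// Added example, not project code. The meta key, option name, 90-day
// threshold and every example_* name are assumptions made for illustration.
const EXAMPLE_LAST_LOGIN_KEY = 'example_last_login';
const EXAMPLE_INACTIVE_DAYS  = 90; // "something like 3 months"

// Core does not store login times, so record one on each successful login.
add_action( 'wp_login', function ( $user_login, $user ) {
	update_user_meta( $user->ID, EXAMPLE_LAST_LOGIN_KEY, time() );
}, 10, 2 );

// Administrators and editors with no login inside the threshold.
function example_find_inactive_privileged_users() {
	// Remember when tracking began so older accounts are not flagged at once.
	add_option( 'example_tracking_started', time() ); // no-op if already set
	$baseline = (int) get_option( 'example_tracking_started' );
	$cutoff   = time() - EXAMPLE_INACTIVE_DAYS * DAY_IN_SECONDS;
	$inactive = array();
	foreach ( get_users( array( 'role__in' => array( 'administrator', 'editor' ) ) ) as $user ) {
		$last_seen = (int) get_user_meta( $user->ID, EXAMPLE_LAST_LOGIN_KEY, true );
		if ( ! $last_seen ) { // no recorded login: count from registration or tracking start
			$last_seen = max( $baseline, strtotime( $user->user_registered . ' UTC' ) );
		}
		if ( $last_seen < $cutoff ) {
			$inactive[] = $user;
		}
	}
	return $inactive;
}

// Demote instead of delete so authored posts are not re-assigned.
function example_demote_inactive_privileged_users() {
	$owner_email = get_option( 'admin_email' );
	$demoted     = array();
	foreach ( example_find_inactive_privileged_users() as $user ) {
		if ( 0 === strcasecmp( $user->user_email, $owner_email ) ) {
			continue; // assumption: this account is the site owner; keep it
		}
		$user->set_role( 'subscriber' ); // replaces the user's existing roles
		$demoted[] = $user->user_login;
	}
	if ( $demoted ) {
		wp_mail( $owner_email, 'Inactive users demoted to Subscriber', implode( "\n", $demoted ) );
	}
	return $demoted;
}

// Attach to a daily WP-Cron event (hypothetical hook name) scheduled elsewhere.
add_action( 'example_inactive_user_check', 'example_demote_inactive_privileged_users' );
```

Because tracking starts only when the plugin is first loaded, no account without a recorded login is flagged until the threshold has passed since that point.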

Labels: enhancement (New feature or request)
