Confirm changed email

3.75K viewsWordPress
0

User can change his email in Profile –> Account.

When he registers, email validation is provided by either social logins, or default wordpress pipeline. But when user change his email with your form, it just changes, trusts user. Users could write any email there.

Which could allow malevolent users to spam people using my Q&A site.

If user email is updated, it should not be accepted until it is confirmed again.

As far as I understand, you do it “the default way” of wordpress. Please advice, how do I enable change email confirmation? How do I disable changing email (real way, not just making email field readonly in frontend)? User role is AnsPress Participants.

1

Commit has been pushed to Github.

From now on user need to verify their email if they update email.