Allow anyone to post articles, but moderate them

  • Unknown's avatar
    raincoaster · Member ·

    Yes, but I think Jennifer is saying they could change the password of the contributor so that nobody else could post stuff. An admin would catch that pretty quickly, you’d think, especially if people complained they couldn’t post.

    But don’t password changes have to go through an email confirmation?

  • Unknown's avatar
    justjennifer · Member ·

    @wpvstp- rain’s suggestion was to create a “global” Contributor account and post the password. That was my concern.

    Since the password change is on the same page as the email account, potentially I think they could change both.

  • Unknown's avatar
    justjennifer · Member ·

    Anyway, all of this discussion seems to be rather moot. Where’s the original poster and does he have a WordPress.COM blog? LOL

  • Unknown's avatar
    wpvstp · Member ·

    Iya, I see the issue now. However, I just did a test on a blog I am a contributor on. I could not change my email.

  • Unknown's avatar
    justjennifer · Member ·

    @wpvstp-you’d have to change it to an address not already associated with any wordpress.com blog for it to work.

  • Unknown's avatar
    raincoaster · Member ·

    Yes, of course. The blog admin would have to set up a specific email account and keep it secret.

  • Unknown's avatar
    justjennifer · Member ·

    Rain-How secret could it be if it appears on the Contributor’s Profile page? (confused look)

  • Unknown's avatar
    raincoaster · Member ·

    No password, no access. People would be able to send email to it, but not read those emails or change the email associated with the account.

  • Unknown's avatar
    raincoaster · Member ·

    Presumably, the admin would have to be intelligent enough not to use the same password for the contributor’s account as well as the email. Anyone not that intelligent has no business being unsupervised in the first place!

  • Unknown's avatar
    thesacredpath · Member ·

    Anyone not that intelligent has no business being unsupervised in the first place!

    Which would account for a sizeable portion of the human population.

  • Unknown's avatar
    justjennifer · Member ·

    I sense there’s a basic misunderstanding somewhere, but it’s also late here and I am probably the one misunderstanding.

    When you set up a WordPress.COM account/username, it has a unique email associated with it. If digitalmedievalist were to set up a “global” Contributor account and share the account username and password with everyone so they could log in and submit an article to that blog (that’s the whole point here, no?), then the “global” user would also have access to “their” Profile information in the User tab of the Dashboard. Even if they couldn’t change anything other than their “own” information, that would be enough to compromise the account.

    Please correct me if I’m wrong. I only have one small private multiuser blog and even as Admin I can’t change other users profile info, but I can change my own.

  • Unknown's avatar
    thesacredpath · Member ·

    I think you are right Jennifer. If the contributor has access to the global account, which they would, then they would have access to the email address and password associated with that account.

  • Unknown's avatar
    raincoaster · Member ·

    Yes, they would see the email. Yes they would see the password, because they would have already used it to get there.

    However: without the password to the EMAIL, which would presumably be different, they could not successfully change the email associated with that account, if I understand the way WP.com works when changing emails. So they could try to change it, but not succeed.

  • Unknown's avatar
    vivianpaige · Member ·

    Last time I changed my email address on my account, the email came to my *new* address, not the old one. Is that still the case?

  • Unknown's avatar
    raincoaster · Member ·

    From what was said on the last page, it looks like that’s not the case for contributors rather than authors. I’ll stick a modlook on this and see if we can get staff’s input.

  • Unknown's avatar
    babaliciou5 · Member ·

    ^waits in the corner^

    ^tick…tock…tick…tock^

  • Unknown's avatar
    justjennifer · Member ·

    Just to clarify, it wasn’t the EMAIL account I was referring to, but the WP.com user account.

    Hoping staff comes round to add their input.

  • Unknown's avatar
    mark · Member ·

    Create a user (Bill), assign them Contributor status on your blog.
    Post details in the sidebar (for instance).

    Andrew signs in as Bill.
    He writes an article and submits it for review.
    He also happens to wite something but saves this one as a draft.

    Robert signs in as Bill
    He decides not to write anything, but he deleted one of Andrew’s posts and edits the other.

    Lewis signs in, changes the email address then signs out. He uses the Lost password and that feature uses the new email address.

    This is not a failing in how we handle things.
    If you share login information you are giving someone the same powers. The system has no way of knowing who is actually at the keyboard – it cannot know. The email address change could be looked at but so far it has caused no issues.

1 2
  • The topic ‘Allow anyone to post articles, but moderate them’ is closed to new replies.