Whether out of security or not, newer versions of WordPress have made the task of changing your account email address a little more cumbersome.
To be honest, I’m ok with it. Because it is a step towards keeping things more secure.
In the past, you could go to your profile, change the email address listed, save your changes + then go about your day. With an updated WordPress website, that’s not the case.
After changing the email address + saving the changes in the dashboard, you’ll receive an email to the address you’re changing your settings to with the subject “[site name] New Email Address.” Within that email is a link you must click to verify the change.
If you’re thinking “Alison, how does the new email address getting an alert help with security?” I’m stoked you’re thinking about it that in depth. And you’d be correct, this email doesn’t do shit for security.
What does help your site security is that once you’ve verified the change by clicking the email link, the original email address is sent an alert about the change.
While I don’t love that it’s sent after the change happens, it will at least keep you in the loop if your account is hacked + your email address changed without you doing it.
Don’t panic about getting emails every time one of your course members updates their profile. These emails are only sent to the old email address + new one, and only sent out if the user role being changed is an administrator role.