Can we validate user email changes?

I am having difficulty understanding why user security and validation is so vague in WP (4.0).. Surely email verification should come as default?

Anyway I have been trying to find a solution to user security. All I can seem to find are plugins that send email validation links on registration. This is great, however a user can the log in and just change the email to [email protected] no questions asked. Either a) I now have an unverified user; or b) Someone has just hijacked the account.

Surely I am missing something here, these features predate WordPress so there must be a solution?

Edit: Just to clarify, I want a confirmation email sent to the OLD email address - ie "someone, probably you has tried to change the email associated with this account..". As opposed to just verifying an email address for validity

Topic validation verification email Wordpress

Category Web

1
answered at

You can use this hook to send a mail to your old email address

<?php
add_action( 'profile_update', 'my_profile_update', 10, 2 );

    function my_profile_update( $user_id, $old_user_data ) {
       //Load new user data by uid and  compare with old data
           // Email code about profile changes 
    }
?>

I think this should work for you.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.