When the user “registered” via
http//example.org/wp-admin instead http://example.org/register
and allow the Example.Org Facebook App
Yes, it’s good and should not allow that user to be logged in as administrator but the following happens:
1. The profile picture of the “alleged administrator” becomes the profile picture of the “real administrator” – which is very argh! I know that the plugin assumes that “the real administrator” wants to login with his own Facebook account. But what if the other user accidentally or intentionally, go to this page. Question: How can I disable the option to login with Facebook at the wp-admin?
2. When the “alleged administrator” correctly registered via http://example.org/register. It will appear that the “alleged administrator” is already registered. Question: How can I delete the association of the admin accounts to these Facebook accounts.