Problem/Motivation
The Anonymous user, as created by the user_install() function (@see user.module's .install file), has its status property set to 0 and is therefore blocked from authenticating. That reasonable default should not be modified, since we don't want to authenticate anonymous users. To safeguard against this, the UnblockUser plugin / User::activate() method should ensure that the Anonymous user does not become unblocked. To achieve this, the User::isAnonymous() method also needs to enforce a stricter check on the uid property.
Proposed resolution
Modify the UnblockUser::execute() / User::activate() method so that it throws a Logical Exception that disallows the Anonymous user from becoming unblocked. Additionally, make User::isAnonymous() more strict and accept only uid === 0 as the condition that reveals when a user is truly anonymous.
Remaining tasks
Provide a patch.
Provide a Change Record for changes that may affect developers.