Prevent impersonation of registered users in the comments

How easy is it to impersonate someone in a comment? Very easy: all I need to do is claim that I am Barack Obama (insert any other celebrity) and no one can prove that I am not. This is just a fact of life on the internet, and it is not much of a problem, as most people will not believe such a claim without additional proof.

But what about someone claiming to be me on my own site? If he knows my email address and the nick I use, he can submit a comment that will look to others as if I had published it. From there, the potential for abuse is limited only by the attacker's social engineering skills. And it is not that hard to get a person's email address: sometimes it is publicly available, sometimes you can contact them and learn their email as a by-product, or you can tempt them to comment on your site.

This plugin introduces a simple solution to this problem: when someone tries to comment using an email address known to belong to a registered user, he is asked to log in before the comment is published. The comment itself is marked as spam until the user logs in.

To make the flow easier for the user, he is redirected to the login page, and when the login succeeds the comment is approved and he is redirected back to the post on which he commented. Ajax commenting is harder to handle gracefully, and the user will just get a message (depending on the plugin used) that he needs to log in.
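A sketch of how the flow described above could be wired from standard WordPress hooks; this is an added example, not the plugin's own code. The `demo_`/`DEMO_` names are hypothetical, and tying the held comment to the submitting browser with a cookie token is an assumption of this sketch, made so that the real account owner logging in does not release a comment someone else submitted under their email.

```php
<?php
// Added sketch, not the plugin's source; every demo_/DEMO_ name is hypothetical.
define( 'DEMO_META', '_demo_held_token' );
define( 'DEMO_COOKIE', 'demo_held_comment' );

// True when the email belongs to an account the visitor is not logged in as.
function demo_needs_login( $email ) {
    $owner = get_user_by( 'email', $email );
    return $owner && get_current_user_id() !== (int) $owner->ID;
}

// 1. Hold the comment as spam instead of publishing it.
add_filter( 'pre_comment_approved', function ( $approved, $data ) {
    return demo_needs_login( $data['comment_author_email'] ) ? 'spam' : $approved;
}, 99, 2 );

// 2. Bind the held comment to this browser: token hash in meta, token in an HttpOnly cookie.
add_action( 'comment_post', function ( $id, $approved ) {
    if ( 'spam' !== $approved || ! demo_needs_login( get_comment( $id )->comment_author_email ) ) {
        return;
    }
    $token = wp_generate_password( 32, false );
    add_comment_meta( $id, DEMO_META, wp_hash( $token ), true );
    setcookie( DEMO_COOKIE, $token, 0, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
}, 10, 2 );

// 3. Send the commenter to the login page, returning to the post afterwards.
add_filter( 'comment_post_redirect', function ( $location, $comment ) {
    return get_comment_meta( $comment->comment_ID, DEMO_META, true )
        ? wp_login_url( get_permalink( $comment->comment_post_ID ) )
        : $location;
}, 10, 2 );

// 4. On login, approve only a held comment matching both the account's email
//    and this browser's token; other held comments under that email stay spam.
add_action( 'wp_login', function ( $login, $user ) {
    if ( empty( $_COOKIE[ DEMO_COOKIE ] ) ) {
        return;
    }
    $held = get_comments( array(
        'author_email' => $user->user_email,
        'status'       => 'spam',
        'meta_key'     => DEMO_META,
        'meta_value'   => wp_hash( $_COOKIE[ DEMO_COOKIE ] ),
    ) );
    foreach ( $held as $comment ) {
        wp_set_comment_status( $comment->comment_ID, 'approve' );
    }
    setcookie( DEMO_COOKIE, '', time() - 3600, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
}, 10, 2 );
```

The sketch covers only the regular form submission; Ajax commenting, which the text above notes is harder to handle, is left out.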




WordPress 3.9 and above for both standalone and multisite/network configuration.
