- Marco Luthe Online! - http://www.saphod.net -

How To Prevent Commenters From Using Your eMail

Posted By Marco On October 14, 2008 @ 17:02 In WordPress Stuff | No Comments

BEFORE YOU READ ANY FURTHER – HERE IS A PLUGIN!

Download my (first!) plugin WP Protect Author Email [1]
(tested with WP 2.6.2 up to 2.7.1).

It actually uses the “preprocess_comment” filter of WordPress to check the commenters eMail – thus making it unnecessary to change any core files (like explained below)!

All you have to do is unzip the file, open it with a text editor, look for “$wp_pae_email” and put in the address that should be protected. Then save and upload this file to your wp-content/plugins/ directory, activate it via the admin panel – and see if it is working. Any feedback is welcome!

WordPress does not provide any function that would check the commenter’s eMail against e.g. the blog owner’s eMail. That way, anybody could use the admin’s name and eMail to leave a comment in the name of the blog owner. Since these blog owner’s comments are often highlighted, this impersonation is quite crucial.

Here is a way to disallow using a distinct eMail without being logged in:

  1. Open wp-comments-post.php from the WP root directory.
  2. Search for the following code (line 53 in WP 2.6.2): 
    if ( get_option('comment_registration') )
wp_die( __('Sorry, you must be logged in to post a comment.') );
  3. After those lines, insert this and put in the eMail that should be checked (repeat these lines if you want several eMails to be checked): 
    if ( strtolower($comment_author_email) == strtolower('email@to-be-check.ed') )
wp_die( __('Sorry, but you must be logged in to use that email. Nice try, though... :-) ') );

Note:
If you are using Filosofo Comments Preview [2], you have to open that plugin file and do the same changes. The same would be necessary for any plugin that bypasses wp-comments-post.php.

Another note:
I wonder if I could use the “preprocess_comment” filter to add this functionality, so that the core WordPress files do not have to be touched.

Happy note:
Eureka! Bingo! Works! My first plugin! :-)

Inspired by the article Prevent author impersonation in WordPress comments [3].

Article printed from Marco Luthe Online!: http://www.saphod.net

URL to article: http://www.saphod.net/2008/10/14/how-to-prevent-commenters-from-using-your-email/

URLs in this post:

[1] WP Protect Author Email: http://www.saphod.net/wp-content/downloads/wp-protect_author_email.zip

[2] Filosofo Comments Preview: http://www.ilfilosofo.com/blog/comments-preview/

[3] Prevent author impersonation in WordPress comments: http://www.dagondesign.com/articles/prevent-author-impersonation-in-wordpress-comments/