Welcome to Dagon Design. In addition to free scripts, WordPress plugins, and articles, we offer a variety of services including custom theme design, plugin creation, and PHP scripting. Contact me for more information.

Updated Friday, February 20th, 2009 at 8:20pm

Prevent author impersonation in WordPress comments

This modification to WordPress prevents unregistered comment authors from using the names or email addresses of the registered authors on your site. It does this by first checking to see if the comment author is logged in. If they are not, it compares their name and email address to the registered author data. If there is a match, the comment is blocked and a custom message is displayed. The name and email address comparison is case-insensitive.

Requirements

This code modification has been tested in WordPress 2.2 through 2.8+

Instructions

1) Open /wp-comments-post.php for editing (backup the file first!)

2) Find the following block of code:

Notice: In WordPress 2.8, the code has changed a bit, but should be easy to find near the top of the page.

$comment_author       = trim(strip_tags($_POST['author']));
$comment_author_email = trim($_POST['email']);
$comment_author_url   = trim($_POST['url']);
$comment_content      = trim($_POST['comment']);

3) After it, add the following:

// get list of user (display) names for blog
global $wpdb;
$valid_users = (array)$wpdb->get_results("
  SELECT display_name, user_email FROM " . $wpdb->prefix . "users");

// get ID of logged in user (if there is one)
global $userdata;
get_currentuserinfo();
$logged_in_name = $userdata->ID;
$logged_in_email = $userdata->user_email;
 
// see if the comment author matches an existing author
$found_match = FALSE;
foreach ($valid_users as $va) {
  if (trim($va->display_name) != '') {
    if (strtolower($va->display_name) == strtolower($comment_author)) {
      $found_match = TRUE;
      break;
    }
  }
  if (trim($va->user_email) != '') {
    if (strtolower($va->user_email) == strtolower($comment_author_email)) {
      $found_match = TRUE;
      break;
    }
  }  
}

// if commenter is not logged in, but match was found, block the comment
if (trim($logged_in_name) == '') {
  if ($found_match == TRUE) {
    wp_die( __('You cannot post using the name or email of a registered author.') );
  }
}

4) Save and close the file

Notes

To test this modification, simply log out and try to post a comment using the name that displays when you regularly post comments (when you are logged in).

If you would like to change the message, just modify this line:

wp_die( __('You cannot post using the name or email of a registered author.') );

If you have found this page useful, please consider donating. Thanks!

Topic: WordPress Hacks and Info | RSS Feed

31 Comments on “Prevent author impersonation in WordPress comments”

Pages: « 3 [2] 1 » Show All

30

John

7-30-10 1:22PM

I also need this for WP 3.0. Has anyone got it working on the new version yet?
29

zaone

7-25-10 11:57AM

Hi, it seems like this doesn’t work on WP 3.0. Do you know what modifications should be made to make it work? Thank you.
28

nikki

6-29-10 2:40AM

We supply all kinds of moncler boots,moncler bags,moncler coats,moncler jackets,moncler T-shirt,moncler vest and so on.We have got a good reputation pf our products with top quality and good price.We sincerely look forward to futher cooperation with you for mutual benefits.We are sure that you will find working with us is a pleasant, time-saving and profitable experience. Please feel free to contact us if you have any questions.Our website is http://www.newlyapparel.com.
27

Michael

4-30-10 3:32AM

@Jake
Might be a little late now but if you remove all references to name like “if (trim($logged_in_name) == ”) {” it should only check email.
26

wpbloggy

2-25-10 12:52AM

A VERY USEFUL bit of code! Thank you for sharing this useful technique, I’ve wanted such a feature for some time.
25

Nothing

2-16-10 7:14PM

i just test its working on Version 2.9.2 , great thing thanks alot
24

Chip D

1-25-10 7:20PM

Has anyone tried this in WP 2.9.1 yet?
23

Jake

1-7-10 10:01PM

I really like how this works, however I would like it to ONLY check the email. I don’t care if someone uses the same name, but if they use the same email it will use their gravatar. I get way too many comments and have already seen many users with the same names.

Could you post a version that only checks email?

Thank you, I appreciate it and this works great even on 2.9.1
22

right foot

12-8-09 3:35PM

WOW!!!
This is absolutely amazing (and if left open, dangerous!)

I can’t believe the boffins who wrote WP didn’t think about something like this and implement a fix!

I have started to update all my (38) blogs… muchos grassears dude!
21

Road Rage

11-30-09 10:30PM

I love this – thanks so much for it. Is there a way to edit the output so that if someone wrote a long comment, that their text won’t be lost?

For example, someone could have no intentions of impersonating anyone, write a very good and long comment using the name “Mike”, and understandably not know that it was already registered. How can they be notified that their comment won’t be submitted until they change their name, but not lose what they wrote?

I imagine it would involve notifying them without leaving the page they’re on.
20

BadGirl45

10-23-09 5:13AM

There are certainly a number of biological differences between men and women. ,
19

BadGirl40

10-22-09 5:58AM

Where all content is aggregated for you, ready to be consumed. ,
18

Sooran

9-15-09 5:23AM

tancks.
This Post Helped me
Good Time
17

Brad H - Insurance Guru

8-26-09 11:13PM

Fantastic, thank you for sharing this. It works like a champ. Now websites cannot be stolen from people who post a lot.
16

andol

7-27-09 6:14AM

that is bloody cool, i love that tip.

Pages: « 3 [2] 1 » Show All