Hi guys, I run a site http://www.streetphire.co.uk/ which allows users to comment on topics/articles made. The problem is that when people are commenting which I leave open to anyone I noticed the other day the users (logged in or just general public) could post a comment using registered peoples names. So admin or H Man (me) as it shows or Pete (another admin) can be used as their name no matter who they are. How come?
Is this a security flaw or is it because once an IP has made two sucessful approved comments its allowing that IP to comment no matter what the name the user uses to post as?
Im using 2.5.1 with simple captcha for protection against spam