WordPress.org

Ready to get started?Download WordPress

Forums

Commenting using admins detais (4 posts)

  1. Steve
    Member
    Posted 6 years ago #

    Hi guys, I run a site http://www.streetphire.co.uk/ which allows users to comment on topics/articles made. The problem is that when people are commenting which I leave open to anyone I noticed the other day the users (logged in or just general public) could post a comment using registered peoples names. So admin or H Man (me) as it shows or Pete (another admin) can be used as their name no matter who they are. How come?

    Is this a security flaw or is it because once an IP has made two sucessful approved comments its allowing that IP to comment no matter what the name the user uses to post as?

    Anyone help?

    Im using 2.5.1 with simple captcha for protection against spam

    thanks
    H Man

  2. mrmist
    Forum Janitor
    Posted 6 years ago #

    The "name" that people type into the "name" box when they leave a comment can be whatever someone likes. It could be the same name as one of the admins, or a gibberish name. It's not tested to see if it matches with an admin's name or anything else.

    If you're actually logged in, you don't have a name box to fill in.

  3. Steve
    Member
    Posted 6 years ago #

    But then it looks like the admins of the site are leaving comments they didnt want to leave. That raises issues doesnt it?

    Its like a me using your login name to say something you didnt want to say...

    H Man

  4. mrmist
    Forum Janitor
    Posted 6 years ago #

    As an admin you can edit the names (and/or the comments) if people are filling them in to create junk comments.

Topic Closed

This topic has been closed to new replies.

About this Topic