Sorry, I have reposted this from another part of the forum, as I'd like to see this feature removed. Basically, anyone who signs up as a "contributor" (a heavily moderated 'writer on trial') can access all of the email and IP addresses of everyone who has ever commented on my blog. I'd like to point out that this means anyone who sets the default role of new members as "contributor" is opening everyone who ever commented on their site up to spammers.
Also, why on earth should someone who is not even trusted to make their own posts without approval require the right to see such information. This should only be for the highest level users... anyhow... read on:
I'd like to alter the Back-end (admin panel) of wordpress so that the "Comments" tab is not open to anyone who is not an admin.
I have seen a couple of other posts on this subject which have only received flippant responses along the lines of "why would you allow someone to make posts if you don't trust them not to spam your other members?" The answer to that question is this:
I moderate all new contributors posts until I feel I can trust them. If I set the options to allow all new members to be "contributors" (the lowest form of writer, who is not allowed to make posts without being approved) then ANYONE who registers with my multi-author blog can access the email address of EVERYONE who has left a comment... EVER. This is not right, and is presumably the reason why there is so much registration spam on WordPress.
It is my belief that this aspect needs to be written out of WP, but failing that, at least can someone suggest the alterations I would need to make to the code in order to amend this situation myself?
I can, of course, work out the answer on my own, but I'm pretty sure other people are out there looking for this fix, so the quick way would be a help for all of us.
And if you're planning a flippant remark, pleas remember I'm not the enemy, I actually want to protect the email addresses of those who leave comments on my WP blogs. It is the spammers and scrapers out there we should be inhibiting - precisely by removing this security issue.
I was informed of this by one of my newly promoted authors, who was shocked that she could access all of these addresses. I was too. Imagine if she had also run a mailing list somewhere. She could have put all 5,000 or so unique addresses on there without so much as running a small script...