Support » Plugins » Anonymous Posters Can Spoof Registered Users?

  • Resolved · Moderator Ipstenu (Mika Epstein)


    I have anon posting on with email required. I was fiddling around and realized that, if I was logged out, and I posted with my user name (Ipstenu) and the email I used with my registered ID (, it would let me post. If I posted with a different user name (jhdgsd) and the email, it wouldn’t post.

    It occurs to me that having a person be able to ‘spoof’ registered users is kinda a bad thing.

    I saw this post – – but that’s three years old. Is there any way to easily say ‘If this email is also used by a registered user, prompt for user to login’?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Okay, I came up with a solution that SEEMS to be working.

    Based on

    function wp_prevent_imposters( $commentdata ) {
        // Logged-in users may comment under their own name and email.
        if ( is_user_logged_in() ) {
            return $commentdata;
        }
        // Get the list of user (display) names and emails for the blog.
        global $wpdb;
        $valid_users = (array) $wpdb->get_results( "SELECT display_name, user_email FROM {$wpdb->users}" );
        // Name and email submitted with the comment.
        $submitted_email = strtolower( trim( $commentdata['comment_author_email'] ) );
        $submitted_name  = strtolower( trim( $commentdata['comment_author'] ) );
        // See if the comment author matches an existing user.
        $found_match = false;
        foreach ( $valid_users as $va ) {
            if ( trim( $va->display_name ) != '' && strtolower( trim( $va->display_name ) ) == $submitted_name ) {
                $found_match = true;
            }
            if ( trim( $va->user_email ) != '' && strtolower( trim( $va->user_email ) ) == $submitted_email ) {
                $found_match = true;
            }
        }
        // If the commenter is not logged in but a match was found, block the comment.
        if ( $found_match ) {
            wp_die( __( 'You cannot post using the name or email of a registered author.' ) );
        }
        return $commentdata;
    }
    add_filter( 'preprocess_comment', 'wp_prevent_imposters' );



    Awesome! 🙂

  • The topic ‘Anonymous Posters Can Spoof Registered Users?’ is closed to new replies.