There is a huge security risk in how you handle comments. Consider this scenario (that happened to me!):
A registered member of WordPress.com, ‘John Smith’, goes to one of the millions of hosted blogs on your .com platform and writes a comment:
“I am against racism!”
Now, once he presses the “submit” button, he cannot edit his comment any longer. From now on, John’s comment is in the full control of the “webmaster” of the blog where he commented.
Now, if the webmaster “hates” or “dislikes” John, he/she can go and EDIT/MODIFY John’s comment to look like this:
“I support racism!”
Isn’t this a huge security issue for WordPress.com?
An ordinary reader will have no idea that a renegade webmaster modified John’s comment to make John look like a racist. And John cannot go back and delete his own comment! That is a huge security issue! I think registered WordPress.com members OUGHT TO BE able to modify or even delete their own comments on other blogs.
- The topic ‘Security Risk on WordPress.com (Comments)’ is closed to new replies.