• Aidas

    (@frankenstein-uk)


    Hello,

    I noticed that you can post comments on behalf of the admin if you know the admin’s email address.

    When the admin uses Gravatar, the spoofed comment looks exactly the same as the admin’s; also, your post gets approved straight away.

    For example, you can get some people to contact you on behalf of the admin. If people trust the admin, they can share their details, not knowing that they are chatting with a fake admin.

    In my case, people share their WordPress logins when they need support for the plugin I have created.

    I think it should ask you to log in if the user email belongs to the admin, because I don’t want to make my comments available only to registered users.

    What are your thoughts, guys?

    Thanks
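
One way to implement the check the post asks for, as an added example that is not part of the original post or of WordPress core: a small plugin hooking the `preprocess_comment` filter that refuses a comment from a logged-out visitor when its email matches a registered account (any account, which goes slightly beyond the admin-only case described). The function name and messages are hypothetical, and it assumes comments arrive through the standard comment form.

```php
<?php
/**
 * Plugin Name: Require Login For Registered Emails (added example)
 */

// Hypothetical function name. preprocess_comment runs before a new
// comment is stored, so rejecting here prevents the spoofed comment
// from ever reaching the approval logic.
function example_require_login_for_registered_email( $commentdata ) {
    // A logged-in commenter's name and email come from the account itself.
    if ( is_user_logged_in() ) {
        return $commentdata;
    }

    // Pingbacks and trackbacks carry no author email to check.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( in_array( $type, array( 'pingback', 'trackback' ), true ) ) {
        return $commentdata;
    }

    $email = isset( $commentdata['comment_author_email'] )
        ? sanitize_email( wp_unslash( $commentdata['comment_author_email'] ) )
        : '';
    if ( '' === $email ) {
        return $commentdata;
    }

    // Does the submitted address belong to an existing account?
    $owner = get_user_by( 'email', $email );
    if ( $owner ) {
        wp_die(
            esc_html__( 'This email address belongs to a registered account. Please log in to comment with it.' ),
            esc_html__( 'Login required' ),
            array(
                'response'  => 403,
                'back_link' => true,
            )
        );
    }

    return $commentdata;
}
add_filter( 'preprocess_comment', 'example_require_login_for_registered_email' );
```

Anonymous commenting stays open for everyone else, which matches the requirement of not restricting comments to registered users.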

Viewing 1 replies (of 1 total)
  • The topic ‘Comment section security floor’ is closed to new replies.