Impostercide! 
By default, WordPress does not enforce any kind of restrictions on the email address used by commenters. I'm actually quite surprised that to date no one has posted a comment to this site trying to masquerade as me, because they certainly could have done so before today.
To prevent this from ever happening, and to ensure that you, my dear readers, can sleep easy at night knowing that every comment on this site purporting to be from me really is from me, I have written Impostercide!
This plugin checks the email address submitted by a commenter against the list of registered users in the blog. If the email address is assigned to a registered user, this plugin then checks to see if the person attempting to comment is a signed-in user of the blog. If they are not, the comment is rejected with a stern rebuke.
So no more imposters pretending to be Skippy here (of which there were none to begin with...)!
Currently this plugin only checks for the first instance of a given email address in the registered user list. If you have multiple accounts, all with the same email address, you're going to have to ask me very politely to update the plugin to accomodate your bizarre usage patterns.
Many thanks to Mark for the catchy name!
-
September 9th, 2005 at 3:02amHey thanks for this. :) -
September 9th, 2005 at 4:57amHa! I can't believe you used it! -
September 9th, 2005 at 11:31amSounds like a good Plug in to add to my sites, Pagan Students Espeshaly, due to the numbver of potential users for that -
September 9th, 2005 at 9:16pmWhat if I'm not a registered user and I want to leave a comment? -
September 9th, 2005 at 10:41pmElfboy: there's no change in behavior if you're not a registered user, so long as you're not trying to use the email address of a registered user. As you can see, your comment came through just fine! -
September 20th, 2005 at 3:47amGreat idea for a plugin! *downloads and activates* 
November 2nd, 2005-
November 2nd, 2005 at 1:46pmYou say, "If you have multiple accounts, all with the same email address, you’re going to have to ask me very politely to update the plugin to accomodate your bizarre usage patterns." I've thought a lot over the years about what should constitute the unique identifier for a user account. I've come to believe that *in most cases* the user's email address should be their login. However, there should also be a unique auto-numbered identifier for the account. So, for example, a user record would look like this: UserID: Assigned by db or system, never seen by user UserEmail: may be set or changed by user UserScreenName: may be set or changed by user UserPassword: may be set or changed by user Here's what I think this solves: 1. Users don't forget their email address (unlike login). 2. Makes it impossible to create duplicate accounts. 3. Makes it possible to add some sort of "password reminder" tool per whatever security standards you wish to use. It emails them whatever info you wish if their email address matches an account. 4. Since email addresses really are unique, you don't have to worry about the issue of two users having the same login. Probably you would want to continue constraining as unique the screen names. My point is that since email addresses are unique in the world, you can leverage the benefit of that uniqueness benefit in your own world. -
November 2nd, 2005 at 2:36pmI agree that people don't tend to forget their email addresses; and email-based logins are certainly something to consider. In the context of WordPress, though, there may well be valid reasons to support multiple login names that use the same email address in the profile. As an author on a WordPress blog, you can elect to receive email notification whenever someone comments on one of your posts. There may be instances where one would like to post an item using a different name, but still receive the comment notification at your primary email address... The current mechanism allows for this without requiring any kind of mail aliases.
-
November 4th, 2005 at 8:29pmI totally agree that there are cases where email address should not be used for login, and probably WordPress is one of them. With Impostercide you stumbled upon one of the many difficulties with multiple email addresses in the system, and attempting to do an account verification accordingly. I haven't looked at your code, but when faced with multiple email addresses, it should be easy enough to iterate through them all with an incrementing flag counter, eg.: intFlag = 0; while ( i=0; i
-
November 4th, 2005 at 8:30pmoops, WordPress didn't like my posted code block.
- November 8th, 2005
-
November 18th, 2005 at 1:34pm(Skippy, since this post is the first result on google when looking for "impostercide", you should probably update the download link to the latest version) - November 18th, 2005
-
November 26th, 2005 at 1:27amIt doesn't work for me. I upload, activate, and I can still post as "Poromenos" (logged off, of course). I don't care about users using my email, emails don't show up anywhere anyway. I want to prevent them from using my name, how do I do that? -
November 26th, 2005 at 4:45amSo what is the URL to the latest version? Is it still 1.0? -
November 26th, 2005 at 5:22amMy apologies. I found the latest version on this page: http://www.skippy.net/blog/category/wordpress/plugins/ Sorry for the confusion. Thanks for the plugin!
-
November 26th, 2005 at 3:54pmInteresting. The new version works great, thanks a lot. You might want to link to it from this page because people might look for it here. -- Poromenos http://porocrom.poromenos.org
-
December 30th, 2005 at 2:15amExcellent, thank you! -
January 6th, 2006 at 12:04amHmm I want to screen the names only, not the email. Is this duable with this pluging? if not a request: I admin the option to choose between: 1- Check email 2- Check user names Also a topic here: http://wordpress.org/support/topic/55020 Thx Greetz -
January 6th, 2006 at 1:31pmNull: you can edit the code to remove any of the checks you deem necessary. The source is fairly well commented, so it should be obvious which bits to remove.
-
January 6th, 2006 at 1:43pmAh I see ok thx Hmmm will this also work with the wordspew plugin? It's a shoutbox where quests can post too. A guest can change his name in the name box. Will this plugin check this too? And what if someone is online AND using a verified guest name and another person want to type something and enter also that name, will the script check these temp names to?? Cause if Jack has signed out, the name Jack is free for all again, but if guest Jack is online someone else cannot call himself jack too... The pluging can be found here: http://blog.jalenack.com/ajax/ Maybe some adjustment would be needed to make it work with it... Further on GREAT MOD, why isn't it on the wp page?
-
January 6th, 2006 at 6:15pmImpostercide will not work with WordSpew without some tinkering, none of which I am going to do. Impostercide was written specifically for WordPress comments, and only checks comments.
-
January 6th, 2006 at 11:26pmHi, So no izi fix, well no problem, I was just wondering if it would work on plugins too. Still a great plugin, a must have!
-
February 11th, 2006 at 9:26pmI tried to find this plugin via http://www.skippy.net/blog/plugins/ but it seems to not be the most recent version. Most of the other links there point to multiple versions. Perhaps this one should be updated. - May 24th, 2006