By default, WordPress does not enforce any kind of restrictions on the email address used by commenters. I’m actually quite surprised that to date no one has posted a comment to this site trying to masquerade as me, because they certainly could have done so before today.

To prevent this from ever happening, and to ensure that you, my dear readers, can sleep easy at night knowing that every comment on this site purporting to be from me really is from me, I have written Impostercide!

This plugin checks the email address submitted by a commenter against the list of registered users in the blog. If the email address is assigned to a registered user, this plugin then checks to see if the person attempting to comment is a signed-in user of the blog. If they are not, the comment is rejected with a stern rebuke.

So no more imposters pretending to be Skippy here (of which there were none to begin with…)!

Currently this plugin only checks for the first instance of a given email address in the registered user list. If you have multiple accounts, all with the same email address, you’re going to have to ask me very politely to update the plugin to accomodate your bizarre usage patterns.

Many thanks to Mark for the catchy name!

home / about / archive / RSS