Plugin: Comment Authorization


NOTICE: I have permanently disabled the test implementation of this plugin. (2004-12-16)

Current Version: 1.6 Download tgz: commentauth.tgz Download zip:

I’ve made my first plugin for WordPress. When activated, this plugin will send an email to people who comment (and supply a valid email address) with a unique link. Clicking on the link will approve the comment for immediate posting, without waiting for an administrator’s approval.

The basic idea is that if the user supplies a valid email address, and they check that email account, then the commenter is most likely not a spammer. It’s not foolproof, but it’s a step in the right direction.

The unique URL is calculated using an md5 sum of the comment text plus a “seed”. The formula could be brute-forced by someone who really wants to bypass your authorization process; but the burden of effort is on them. Edit the $seed variable in both files to use something unique for your site. Make sure the seed is identitical in both sites, or people will never be able to authorize their own posts!

There are two files included in this plugin:

Download this plugin!

UPDATE: the original version of this plug-in was incompatible with the WordPress 1.2 Release Candidate. I’ve fixed that. Please download this package again, or edit moderation.php to remove the following line: require_once(’./wp-includes/functions.php’);

UPDATE #2: I’m not currently using this plugin on this site, so please don’t comment just to see it in action. You can do that over on my test installation!

UPDATE #3: Thanks to David, I’ve added a few extra headers to the generated mail so it should play nice with anti-spam systems. The download link has been updated to the newest version.

UPDATE #4 (2004-09-23): Thanks to Mark for suggesting a fix to help people who have their blog homepage in a different directory than the one in which they installed WordPress.

home / about / archive / RSS