Impostercide prevents unauthenticated users from “signing” a comment with a registered users email address or username. There is no interface from the admin’s end, no options to select. Simply install, turn it on, and watch the spoofers get stopped.
Misc
Download
Latest version: Download Impostercide v1.8 [zip]
Installation
No special instructions.
FAQ
Q. Will this work on older versions of WordPress?
A. This will work on WordPress from version 2.1 and up.
Q. Will this work on MultiSite?
A. Again, yes. I suggest putting it in mu-plugins, but it works fine both ways.
Q. Can this catch innocents?
A. Yes, but … well. The only person I’ve caught is someone who is, apparently, pathalogically incapable of remembering that he HAS an account on the site, and he needs to LOG IN with said account. He also claims to forget his password and that WordPress doesn’t email it to him, so I’m pretty much chucking his complaint as a problem with the user, and not the tool.
Changelog
1.8
- 17 April, 2012 by Ipstenu
- Readme cleanup, fixing URLs etc.
- Internationalization
1.7
- 4 October 2011 by Ipstenu
- 3.3 compat check
- minor cleanup
- licencing
1.6.2
- 8 Dec 2010 by Ipstenu
- Removed the check on URL. Why? Cause sometimes people have the same URL as other. Like when they share a site. (Sorry RonAndAndrea!)
1.6.1
- By Ipstenu
- Switched logged in check to is_user_logged_in() (thanks Chip!)
- Genericized the error message (again, Chip)
1.6
- By Ipstenu
- Re-released under GPL (per http://skippy.net/wordpress-plugins-discontinued#comment-8300 )
- Replaced
die()withwp_die() - Changed formatting to look ‘pretty’
1.5
- July 2011 by Ipstenu
- Initial version by Ipstenu. All I did was change commenting and move it to a subfolder. (This was only ever released on my websites)
1.0
- 2005 Scott Merrill (skippy@skippy.net), discontinued in 2007.
- many thanks to Mark Jaquith for the name “Impostercide”
Screenshots
-
Error message when you try and post as a registered user
-
Wait, something’s wrong….
Just read that the original coder of impostercide left a few years ago and you rescued the code
nice save for the cool plugin.
Was wondering if there is a way to prevent unauthenticated users from using another unauthenticated user’s credentials from being impersonated?
Not really. The problem is that there’s no way to prove you’re you without a username and password. The handle and email can be easily faked, as you pointed out, and you can’t rely on IP, since they change these days (I have a few I use, and what happens when I’m in a coffee shop?).
That said, as a moderator, when I see someone’s post from a new IP, I keep tabs on it.
I’ve been spoofed a couple times, so yeah, I know that pain
Geez
guess some people get off from spoofing other people
Anyways, thanks for the reply
will check out the plugin again.
The only way to beat the spoofers and spammers, in the long run, is constant vigilance to your moderation queue.