WordPress Top Commentators Hijack Fix Released
New BloggingTips author Sarah recently noticed a major flaw in the popular Show Commentators Plugin for WordPress.
As Sarah explained last month :
To briefly explain, the plugin creates the top commentators list by counting the number of comments made per name which is easily forged, by accident or on purpose. It then links the name using the last URL given on that name’s comment. So all you need is someone to forge someone else’s name and use a different URL and they get a nice little, usually no followed, link from your site.
Thankfully, Sarah was able to fix it by creating the top commentators list using email addresses instead of names. As she points out, it is very easy to forge a name which is being displayed compared to a hidden email address which is not.
If you use the top commenators plugin I recommend you downloading this fix so that you no cheaters get on your list.
You can download the fix from the link below :
David Bradley | May 1st, 2008 at 3:23 am #
I take it someone has notified the original plugin author so that the patch can be incorporated into the source…
db