Make WordPress Core

Opened 12 years ago

Last modified 5 years ago

#23179 new enhancement

New avatar related option - use gravatar only for registered users

Reported by: mark-k's profile mark-k Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Comments Keywords: needs-patch dev-feedback
Focuses: Cc:

Description

The use of gravater is problematic because there is no attempt to verify that a comment with which an email was used was actually left by the owner of the email (AFAICT gravatar doesn't even have an API for authentication).

This makes impersonating to someone else that have a gravatar in a wordpress site comments much too easy.

IMO non autogenerated gravatars should be displayed by default only for users for which it is known that they actually own the email address, which are usually only the registered users.

Change History (5)

#2 @cais
12 years ago

  • Cc edward.caissie@… added

#4 @chriscct7
9 years ago

  • Keywords needs-patch dev-feedback added

This is an interesting point. I think the solution for this ultimately would be a plugin to verify comment author by sending an email to the account in question to confirm the comment as suggested in #10931.

This ticket was mentioned in Slack in #core-comments by rachelbaker. View the logs.


8 years ago

Note: See TracTickets for help on using tickets.