Skip to content

Comments: Require login to comment with a registered user's email#12452

Open
adamsilverstein wants to merge 1 commit into
WordPress:trunkfrom
adamsilverstein:fix/10931-registered-email-login
Open

Comments: Require login to comment with a registered user's email#12452
adamsilverstein wants to merge 1 commit into
WordPress:trunkfrom
adamsilverstein:fix/10931-registered-email-login

Conversation

@adamsilverstein

Copy link
Copy Markdown
Member

Summary

When a logged-out visitor submits a comment using the email address of a registered user, this blocks the comment and prompts them to log in, preventing anonymous visitors from impersonating registered users.

The check is added to wp_handle_comment_submission(), alongside the existing name/email validation, and returns a WP_Error (comment_author_must_login, HTTP 403) whose message contains a login link that redirects back to the post after authenticating.

Relationship to PR #8443

This is an alternative implementation of PR #8443 by @Infinite-Null, opened separately so as not to step on that contributor's work. The design goal (force login, per comment:72 / comment:73) is the same; the differences are:

  • Returns a WP_Error instead of calling wp_die(). The message is surfaced on the comment form (keeping the visitor on the page with a login link) rather than replacing the request with a 403 page.
  • Placed in wp_handle_comment_submission() next to the sibling name/email checks, rather than in wp_check_comment_data() (which is documented to return an approval status, not halt the request).
  • Unit testable, so test coverage is included (PR Comments: Email check for non logged in users #8443 had its tests removed because the wp_die() approach could not be cleanly tested).

Tests

tests/phpunit/tests/comment/wpHandleCommentSubmission.php:

  • test_submitting_comment_anonymously_with_registered_email_returns_error — logged-out + registered email → WP_Error (comment_author_must_login, 403).
  • test_submitting_comment_anonymously_with_unregistered_email_succeeds — logged-out + unregistered email → comment succeeds (guards against false positives).
  • test_submitting_comment_as_logged_in_user_with_registered_email_succeeds — logged-in user commenting under their own registered email still succeeds (the check only targets logged-out visitors).

All 47 tests in the class pass; PHPCS is clean on the changed lines.

Open question (design)

The error message states the address belongs to a registered user, which — as @johnbillion noted in comment:56 — is an email-enumeration signal (though the same information is already discoverable via wp-login.php). This can be softened if preferred. Whether force-login is the agreed direction (vs. routing to the moderation queue) is still open on the ticket.

Trac ticket: https://core.trac.wordpress.org/ticket/10931

When a logged-out visitor submits a comment using the email address of a
registered user, return a `WP_Error` from `wp_handle_comment_submission()`
prompting them to log in, rather than accepting the comment. This prevents
anonymous visitors from impersonating registered users.

Handling this alongside the existing name/email validation returns the
message to the comment form (with a login link that redirects back to the
post) instead of halting the request, and keeps the behavior unit testable.

See WordPress#10931.
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Core Committers: Use this line as a base for the props when committing in SVN:

Props adamsilverstein.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

  • All changes will be lost when closing a tab with a Playground instance.
  • All changes will be lost when refreshing the page.
  • A fresh instance is created each time the link below is clicked.
  • Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
    it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant