Comment Notifier Plugin for WordPress.
Today I decided to try out the Comment Notifier plugin for my WordPress. You’ll now find a checkbox “Notify me when new comments are added” under the comment form. At first glance this plugin makes a good impression! It installed itself properly and after a little configuration it could already send notification mails! Great! The only shortcoming I could find so far is that when you delete a comment, the email of the deleted author stays in the comment_notifier table. Personally I would expect that the addresses of potential spammers would also be deleted from the notification list…
By the way, I’m positively impressed by how easy it has become to install plugins in the latest version of WordPress! Only one click! In former versions one needed to copy the source code of a plugin into a particular folder on the server and run a MySQL script to create the plugin tables in the database. OK, it was not a great feat… but still! Now this process is fully automated!

Unfortunately, I must temporarily disable this plugin. Two days later I noticed that it’s a nice backdoor for spam bots. I suppose that the main reason is that “Comment Notifier” does not support any interaction with the captcha plugin. So the following happens: a spam bot sends a message to my CMS. Its message is ignored by the comments plugin, because the robot cannot authorize itself as a human. But the Comment Notifier plugin saves this message in its database table and puts the bot on the subscriber list. The result is that all the users who have ever left a comment on a particular posting and subscribed to notifications receive this spam message.
Sure, to fix it is just a matter of 5 minutes… but I guess I’ll have this time only next weekend.
author: Ilya G. | July 21st, 2009 at 8:46 pm
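
One way to close both gaps described in the post (subscriptions created for comments the captcha rejected, and addresses left behind after a comment is deleted) is to tie the subscriber list to WordPress comment status instead of to the raw form submission. This is an added example, not Comment Notifier's own code; the `{prefix}comment_notifier` table layout (`post_id`, `email`), the `subscribe` checkbox field and the `cn_optin` meta key are assumptions.

```php
<?php
// Added example, not the plugin's code. Assumed names: table
// {prefix}comment_notifier with columns post_id and email, a form
// checkbox named "subscribe", and a comment meta key "cn_optin".

function cn_table() {
    global $wpdb;
    return $wpdb->prefix . 'comment_notifier';
}

// Add the commenter to the list only if they opted in and the email is valid.
function cn_subscribe( $comment ) {
    global $wpdb;
    $email = $comment->comment_author_email;
    if ( ! is_email( $email ) || ! get_comment_meta( $comment->comment_ID, 'cn_optin', true ) ) {
        return;
    }
    $row = array( 'post_id' => $comment->comment_post_ID, 'email' => $email );
    $wpdb->delete( cn_table(), $row ); // avoid duplicate rows
    $wpdb->insert( cn_table(), $row );
}

// Drop the address once no approved comment by it remains on the post.
function cn_unsubscribe( $comment ) {
    global $wpdb;
    $left = get_comments( array(
        'post_id'      => $comment->comment_post_ID,
        'author_email' => $comment->comment_author_email,
        'status'       => 'approve',
        'count'        => true,
    ) );
    if ( 0 === (int) $left ) {
        $wpdb->delete( cn_table(), array(
            'post_id' => $comment->comment_post_ID,
            'email'   => $comment->comment_author_email,
        ) );
    }
}

// comment_post fires only after the comment was stored, so submissions
// that another plugin rejected earlier never reach this handler.
add_action( 'comment_post', function ( $comment_id, $approved ) {
    if ( ! empty( $_POST['subscribe'] ) ) {
        add_comment_meta( $comment_id, 'cn_optin', 1, true );
    }
    if ( 1 === (int) $approved ) { // 0, 'spam' and 'trash' do not subscribe
        cn_subscribe( get_comment( $comment_id ) );
    }
}, 10, 2 );

// Later moderation: approve subscribes; spam, trash or delete cleans up.
add_action( 'transition_comment_status', function ( $new, $old, $comment ) {
    if ( 'approved' === $new ) {
        cn_subscribe( $comment );
    } elseif ( 'approved' === $old ) {
        cn_unsubscribe( $comment );
    }
}, 10, 3 );
```

Notification mails would be sent from the same two points, so a held or spam-flagged comment is never mailed to subscribers.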