Better WordPress security through comment filters

I have an admin username (it’s not admin) which I use to manage my WordPress blog, and an editor user with which I write posts and leave comments. Sometimes, though, I get confused, lazy or both, and end up leaving comments as my admin user. This rather defeats the purpose of using a non-default admin username, which is generally done for security purposes (if they can’t guess the admin’s username, it makes it that much harder to hack the admin account).

More out of laziness than anything else (we can call it efficiency, right?), I dropped the functions below into my functions.php file. They filter my admin username out of any comments I leave. WordPress also adds the user’s name in a class for the list item of the comment, so I needed to remove that as well. If you’re in a similar situation, feel free to grab the code and place it in your own theme’s functions.php file, replacing the adminuser and regularuser placeholders with your own admin and editor usernames. The comment class code is modified from a hack found at WPRecipes.

<div markdown=0>


// change the class that WordPress assigns to the comment's list item
function change_comment_author_class( $classes ) {
	foreach ( $classes as $key => $class ) {
		// change adminuser to your admin username; the whole class is compared
		// so that another user such as "adminuser2" is left alone
		if ( 'comment-author-adminuser' === $class ) {
			// change regularuser to the user you comment with
			$classes[ $key ] = 'comment-author-regularuser';
		}
	}
	return $classes;
}

// substitute a user name for the admin name
function change_comment_author( $author ) {
	// change this to the admin username; exact match only, so names that
	// merely contain it are not rewritten
	if ( 'adminuser' === $author ) {
		// change this to the name of the user you comment with
		return 'regularuser';
	}
	return $author;
}

// apply the filters
add_filter( 'comment_class', 'change_comment_author_class' );
add_filter( 'get_comment_author', 'change_comment_author' );

</div>
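To confirm the filters took effect, the rendered comment list can be checked for the admin name in both places mentioned above: the list item's class and the author name. The script below is an added example, not code from the original post; the sample markup, the usernames and the `fn` author-name class are assumptions.

```php
<?php
// Added example. The usernames and sample markup are constructed; "fn" is
// assumed to be the class the theme puts on the visible author name.

// Return every place $adminUser still shows up in rendered comment markup.
function find_admin_leaks( string $html, string $adminUser ): array {
	$leaks = array();
	libxml_use_internal_errors( true ); // theme markup is rarely strict HTML
	$doc = new DOMDocument();
	$doc->loadHTML( $html );
	libxml_clear_errors();
	$xpath = new DOMXPath( $doc );

	// 1. Class tokens, compared whole rather than by substring.
	foreach ( $xpath->query( '//*[@class]' ) as $node ) {
		$tokens = preg_split( '/\s+/', trim( $node->getAttribute( 'class' ) ) );
		if ( in_array( 'comment-author-' . $adminUser, $tokens, true ) ) {
			$leaks[] = 'class on #' . $node->getAttribute( 'id' );
		}
	}

	// 2. The visible author name.
	$fn = '//*[contains(concat(" ", normalize-space(@class), " "), " fn ")]';
	foreach ( $xpath->query( $fn ) as $node ) {
		if ( trim( $node->textContent ) === $adminUser ) {
			$leaks[] = 'author name in <' . $node->nodeName . '>';
		}
	}
	return $leaks;
}

// Constructed markup: comment-7 as rendered without the filters, comment-8 by
// a different user whose name only contains the admin name.
$unfiltered = '<ol class="commentlist">
<li id="comment-7" class="comment byuser comment-author-adminuser even">
<cite class="fn">adminuser</cite> <span class="says">says:</span></li>
<li id="comment-8" class="comment byuser comment-author-adminuser2 odd">
<cite class="fn">adminuser2</cite> <span class="says">says:</span></li>
</ol>';
// The same list as it should look once the filters are active.
$filtered = str_replace(
	array( 'comment-author-adminuser ', '>adminuser<' ),
	array( 'comment-author-regularuser ', '>regularuser<' ),
	$unfiltered
);

print_r( find_admin_leaks( $unfiltered, 'adminuser' ) );
print_r( find_admin_leaks( $filtered, 'adminuser' ) );
```

Run it with the PHP command line against a saved copy of a post page to check your own theme's output.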
