[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email

William Canino william.canino at googlemail.com
Fri Oct 23 20:31:29 UTC 2009


True but I can restore the site from backups. But once the emails are
harvested, I cannot do anything about it.

My blog's theme says, "Your email is <i>never</i> published or
shared". This is why I want to do one step further.

Can the plugin basically hook pre_comment_author_email (encrypt it)
and hook get_comment_author_email, author_email and comment_email
(decrypt it if conditions are met)?

and the same with pre_comment_user_ip and get_comment_author_IP?

For user_email, it seems I have to override get_userdatabylogin() to decrypt it.

Matt mentioned get_avatar(). What else should I watch out for?

W

2009/10/23 William Canino <william.canino at googlemail.com>:
> Hello,
>
> Has anyone heard of anyone writing a plugin that encrypts these three
> columns in the database level?
>
> a. $comment->comment_author_email, "SELECT comment_author_email FROM
> wp_comments" and "SELECT user_email FROM wp_users" will display
> gibberish.
>
> b. comment_author_email() will display gibberish unless a condition
> set in the plugin is true.
>
> I would like assurance that someone who gains db access to the blog or
> get hold of a SQL dump cannot harvest email addresses.
>
> Also, if this is something one shouldn't worry about, why not?
>
> Thank you for your assistance.
>
> W
>


More information about the wp-hackers mailing list