=== Email Validator for Comments === Contributors: securityinsight Donate link: https://securityinsight.pro Tags: comments, spam prevention, email verification, comment moderation, email confirmation Requires at least: 5.0 Tested up to: 6.8 Stable tag: 1.8.3 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Blocks comment submission until the user confirms their email address with a one-time link. No accounts or captchas required. == Description == **Stop fake or misused emails in your comment section.** This plugin prevents spam and ensures valid email ownership by requiring users to confirm their email address before a comment is submitted. When a user leaves a comment, they’ll receive a one-time confirmation link by email. Their comment won’t appear until they click the link — no accounts, no passwords and no friction for real users. **Why Use It?** - Improves trust and deliverability. - Cuts down on abuse, spam and bot activity. - Ensures email addresses actually belong to the commenter. - Comments from verified users go straight to approved or pending in the future. == Features == - Email confirmation required before comment is accepted. - Comments with unconfirmed emails are automatically deleted after 3 days. - One-time confirmation — verified commenters skip confirmation next time. - Lightweight, secure, and privacy-friendly. - Admin tool to manually clear all verified email records. - No account creation required. - No third-party services or API keys needed. - Only one confirmation email sent per hour to a single email address to prevent abuse. == Installation == 1. Upload the plugin folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the ‘Plugins’ menu in WordPress. 3. That’s it — the plugin works automatically. No configuration required. == Frequently Asked Questions == = Does it store user data? = Only temporarily. The commenter’s email and comment content are stored until confirmation. After that, the pending data is deleted automatically. Nothing is shared or transmitted to third parties. = Will users have to confirm every time they comment? = No. Once a user confirms their email once, future comments from the same email will bypass the confirmation step. = What happens to unconfirmed comments? = If the confirmation link isn’t clicked within 3 days, the comment is automatically deleted. = Does it work with caching plugins? = Yes, it’s designed to work with most major caching solutions. == Screenshots == 1. The banner shown after a user submits a comment (telling them to confirm their email). 2. The one-time confirmation email. 3. The message shown after email is confirmed. 4. Admin confirmation prompt before clearing confirmed emails. 5. Email Validator admin tools screen. == Changelog == = 1.8.3 = * Deprecated issues fixed = 1.8.1 = * Error fixes = 1.8.0 = * Added a view pending emails feature to admin tools. = 1.7.0 = * Added secure admin tools page for managing confirmed emails. * Added display of current pending and confirmed email counts. * Added nonce verification to confirmation link handling. * Improved code security, sanitization, and performance. == Upgrade Notice == = 1.7.0 = This update introduces a secure admin page for tools, improves sanitization, and resolves all flags. Recommended for all users.