If you run a WordPress site with comments enabled, you’re probably familiar with the daily battle against spam. The WordPress ecosystem offers many excellent plugins that do a great job blocking automated bots, detecting suspicious content, and filtering out junk. But there’s a persistent problem that most plugins don’t fully address: human-generated spam and abuse using fake or stolen email addresses.

That’s why we built a simple but powerful solution:
Email Validator for Comments – a free WordPress plugin that stops unverified users from getting their comments approved until they prove they own the email address they used.

✅ The Problem: WordPress Accepts All Comments—Even From Fake Emails

By default, WordPress doesn’t verify whether a commenter’s email is real. If someone fills out the comment form with any syntactically correct email address, their comment is stored in your database immediately—even if that email address is fake or stolen.

This leads to several problems:

  • Fake identities: Abusers impersonate others using a real-looking but fake email address.

  • Unreachable users: You can’t reply or follow up with commenters because their emails are invalid.

  • Reputation damage: Your comment section fills with harmful, misleading, or spammy content from people who never verified who they are.

  • Increased moderation burden: You waste time sorting through comments that were never from real users in the first place.

  • Risk of being blacklisted: If you use automatic tools to send new post and comment alerts to the email addresses stored in your database, many emails might bounce or be reported as spam. This can result in your server being blocked from sending to some email providers.

🔒 The Solution: Require Email Confirmation Before Approval

Our plugin puts a simple but highly effective safeguard in place: email verification. Here’s how it works:

  1. A user submits a comment – Just like normal.

  2. Instead of inserting the comment as approved or pending, it’s stored temporarily in a secure internal holding area.

  3. The user receives an email with a one-time confirmation link.

  4. When the user clicks the link, the comment is inserted into WordPress as approved or pending, depending on how your discussion settings are configured.

  5. Once a user’s email address is confirmed, they never need to verify it again on your site.

If a user never confirms their email, the comment is discarded automatically after 3 days to prevent database bloating.

🤖 But What About Bot Protection?

This plugin does not replace your existing anti-spam tools—it complements them.

There are many useful plugins that already help block automated spam, keyword spam, brute force attempts and other unwanted activities. However, those tools don’t verify ownership of the email address. Our plugin fills in that missing piece by making sure:

  • The commenter is using a real, reachable email.

  • They have access to that email (not impersonating someone else).

  • They are invested enough to click a confirmation link before their comment is even considered.

This reduces human spam, impersonation, and anonymous harassment—something automated filters usually miss.

⚙️ Key Features

  • 🛡️ Requires email confirmation before comment submission

  • 📨 One-time link sent securely to the commenter

  • 🔁 Future comments from confirmed emails skip verification

  • 🧹 Automatically deletes unconfirmed comments after 3 days

  • 🧩 No CAPTCHA, no JavaScript, no complexity

  • 💻 Fully compatible with existing comment moderation settings

  • 🔧 Lightweight and developer-friendly, no third-party services or tracking

👩‍💻 Why This Matters for Site Owners

If you value the quality of your comment section, this plugin gives you more control and peace of mind.

It empowers you to make sure only real people, using real emails, can leave comments on your site. It also encourages a more accountable, respectful community—while still keeping the process simple for your users.

🚀 Get Started

You can download the plugin from the WordPress Plugin Repository or install it directly from your WordPress admin dashboard by searching for “Email Validator for Comments.”

Setup is automatic—just install and activate. No configuration is needed for most sites.

If you have questions, feedback, or suggestions, we’d love to hear from you.

Let’s make WordPress comments cleaner, safer, and more trustworthy—together.