It’s been a few days, and it appears that WordPress.com is committed to this new login requirement for commenting with Gravatar and WordPress.com accounts (filling the commenting form with phony and non-registered email addys still works the same, and gives you the auto-generated avatar).
I’ve been watching this FAIL in slow motion, and the main thread on the support page is now over 200 comments worth of confusion and outrage. It seemed clear that the people in change over there were gone for the weekend, but now I’ve seen a slight improvement (but still a FAIL). Now, if you try to comment with a gravatar/wordpress-registered email addy in the comment form, the error message looks like this:
(I think this is at least the 3rd incarnation of this error message)
So, even if you’re not given a login form underneath that message, or given a link to a login page (either of which would have seemed to make more sense), you CAN hit that “back button”, and you shouldn’t be forced to re-enter the content of your comment. So…
Hit the “back button”, and then click the “W” icon in the comment form:
This will open a login window. Fill out the username/password, and you should be able to return to your comment and click the “post comment” button without having to re-enter anything.
I’m embarrassed to say that I forgot about the “W” icon in our previous instruction thread (as admin, I had always used the link in the sidebar, since it took me to the DoD dashboard), and this should be a little easier for our visitors.
For the time being, I’m placing the reminder message above the form, so hopefully you guys/gals will make sure to log in first and save yourself the extra steps.
Update: WordPress.com’s Clumsy Changes to Commenting was a Knee-Jerk Attempt to Block a Single Impostor? FAILPosted: March 16, 2012
As more and more WordPress.com bloggers (like us) begin to realize that their commenting system has had a surprise and unwelcome shot to the foot, the confusion and discontent is spreading rapidly. For the moment, we sit here at the mercy of the people at WP.com, hoping that our instruction thread has limited the damage, and alleviated a lot of the confusion for our readers.
While we wait and see if they’ll realize their mistake and/or change this, I believe I’ve stumbled upon what prompted this sudden move:
If I’m reading that right, it looks like my theory that this was intended to be a solution to nefarious gravatar/nic-jacking was correct, as this appears to have been done as a reaction to one case (!?) involving a victim of above-average influence on the net? Wow…
Even if it was properly executed (which it isn’t even close to that), it’s a boneheaded sledgehammer solution to a fly-sized problem. The thinking is still flawed, since anyone can still simply steal an image and apply it to their own gravatar account, if they really wanted to impersonate another netizen. Like with an IP, only the webmaster or admin would be able to tell the difference, and even they would not be able to verify which email addy was the legit one, right? To the rest of the world, the commenter is successfully impersonated. For example (simple demonstration, with one of my other accounts):
Or retweet this:
Look, people nic-jack all day long, on every corner of the blogosphere. But when it’s done to some big wig at Google, then the rest of us get hosed, I guess. Hopefully they’re smarter than this, and switch it back…soon.
It appears that the great folks at WordPress.com decided once again to change something without a proper announcement, and since our site uses their service, we’ve been affected as well. Many of our users are seeing this when they attempt to leave a comment:
Searching the WP forums, there’s a lot of confusion over it, but I finally found a post from one of the staff that appears to be an official explanation:
We’ve recently updated our commenting system.
Now if someone tries to comment with an email address attached to a WordPress.com account, they’ll need to sign into WordPress.com before they can comment.
If commenters have forgotten their password they can request a reset:
The little detail that this guy is leaving out is that this affects anyone with a Gravatar as well (WordPress and Gravatar have been affiliated with one another since 2007). I’ve already seen a lot of bloggers on the support boards pretty upset over this, and at this point we shouldn’t rule out the possibility that WP could make another change to it. So…
Anyway, for the time being, commenters who are using a phony or non-gravatar/wordpress email in our comment form are not affected. Your auto-generated avatars will appear and you can comment as you always have.
For commenters with a gravatar, you must now login if you want to comment here (or any WordPress.com blog). It’s lame, but here’s the easiest solution:
1) Click the “log in” link in our sidebar:
2) enter your Gravatar username and password* (and you might want to check that “remember me” box):
3) because the geniuses at WP.com haven’t quite thought this through, you’ll be greeted with a message like this (unless, of course, you’re logging in as one of the authors here):
4) But it’s OK! You’re logged in. All you have to do is go back and/or refresh our front page, and you’ll be ready to comment.
But wait! Some folks don’t want their gravatar username to be the display name for their comments. Now that you’re logged in, you can change that:
1) in the comment box, click “change”:
Then clear out the box for the username, and enter the new one:
*for this example, I used “blogwarriorx”, which is one of the house gravatars that I created (located in our sidebar). So, I was able to do this because I know the password for this account. This recent change means that, unfortunately, these house DoD gravatars won’t be usable for visitors like they once were (by simply c/p the addy into the comment form). Since publicly posting up the passwords for these would be problematic, I think I might hand these out to people if anyone is interested (hit us up on the comment form, maybe after a week or so; let’s see if WP changes it back).