How to Disable HTML in WordPress Comments

By Editorial Staff in Tutorials

By default, WordPress allows certain HTML tags within the comments such as <a> <em> <strong> etc. If you notice a lot of SPAM comments also contain these tags. Most SPAM comments are made by bots and scripts, which are using HTML tags. If you simply disable HTML from your WordPress comments, it can prevent a lot of SPAM. In this tutorial we will show you how you can disable HTML tags in your WordPress comments.

This tutorial will only disable active HTML tags. So someone can still post something like:

And it will show up, but the tags will not be functional. So if someone uses the strong tag, it won’t bold the text. Besides not many SPAM bots have time to do this because this way takes up a lot of time and it is not beneficial for them.

All you have to do is simply open your functions.php and add the following code:

// This will occur when the comment is posted
function plc_comment_post( $incoming_comment ) {

// convert everything in a comment to display literally
$incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);

// the one exception is single quotes, which cannot be #039; because WordPress marks it as spam
$incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] );

return( $incoming_comment );
}

// This will occur before a comment is displayed
function plc_comment_display( $comment_to_display ) {

// Put the single quotes back in
$comment_to_display = str_replace( ''', "'", $comment_to_display );

return $comment_to_display;

Source – The original author also offers a plugin that you can download from his site.

The reason why this way is better is because it does not require you to change the core files. If you want to edit your core files then you may go to wp-includes/kses.php and edit the codes there. (This is not Recommended, but it is here for the sake of knowledge. (WP Codex for more details)

What Next?

Digg it
Save This Page
Subscribe to WPBeginner
Stumble it

Comments

7 Responses to “How to Disable HTML in WordPress Comments”

Jad Limcaco says:

November 10, 2009 at 1:08 pm

Thanks! Didn’t know how to do this before.

Ms. Freeman says:

November 11, 2009 at 12:21 pm

This will be of great help from those spam bots that try to leave comments with twenty or so links…LOL:) Thanks

Blogger Pemula says:

December 27, 2009 at 8:34 pm

Thanks for the Great Tips.
Is it affecting commentluv plugin?

Editorial Staff says:

December 28, 2009 at 10:37 am

Haven’t tried yet, but don’t think it should.

Reply

michelle says:

January 1, 2010 at 9:26 am

this great and should help to block out loads of spam thanks

Infographiste says:

January 30, 2010 at 1:12 pm

Thank you for the useful tuto and easy to follow. I’ve found another one explaining how to disable HTML but was to hard and badly explained, anyway thanks again and have a great week end

Cruz3N says:

February 3, 2010 at 6:21 pm

Its confused me Bro, but i make some simple plugin that allow you to replace with &gt ;

<?php
/*
Plugin Name: Filter Comments
Plugin URI: http://cruzenaldo.com/plugin-sederhana-filter-komentar/
Description: Plugin sederhana untuk melakukan filterisasi terhadap komentar dan mencegah user menginput tag – tag HTML
Author: Cruz3N
Author URI: http://www.cruzenaldo.com/
Version: 1.0
*/

function my_function ($text) {
$text = str_replace('’, ‘&gt ;’, $text);
return $text;
}

add_filter(‘comment_text’, ‘my_function’);
?>

You can modification that better… Hope usefull

Download here
http://www.box.net/shared/rgb4lmt5uy

And this is my ugly blog :p
http://cruzenaldo.com/

Best Regard
Cruz3N