Beginner's Guide for WordPress / Start your WordPress Blog in minutes

How to Disable HTML in WordPress Comments

By default, WordPress allows certain HTML tags within the comments such as <a> <em> <strong> etc. If you notice a lot of SPAM comments also contain these tags. Most SPAM comments are made by bots and scripts, which are using HTML tags. If you simply disable HTML from your WordPress comments, it can prevent a lot of SPAM. In this tutorial we will show you how you can disable HTML tags in your WordPress comments.

This tutorial will only disable active HTML tags. So someone can still post something like:

&lt;a&gt;&lt;em&gt;&lt;strong&gt;

And it will show up, but the tags will not be functional. So if someone uses the strong tag, it won’t bold the text. Besides not many SPAM bots have time to do this because this way takes up a lot of time and it is not beneficial for them.

All you have to do is simply open your functions.php and add the following code:

    // This will occur when the comment is posted
    function plc_comment_post( $incoming_comment ) {

    // convert everything in a comment to display literally
    $incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']);

    // the one exception is single quotes, which cannot be #039; because WordPress marks it as spam
    $incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );

    return( $incoming_comment );
    }

    // This will occur before a comment is displayed
    function plc_comment_display( $comment_to_display ) {

    // Put the single quotes back in
    $comment_to_display = str_replace( '&apos;', "'", $comment_to_display );

    return $comment_to_display;
}

If you don’t want to manually add this code yourself, then the original author also offers a plugin that you can download. Simply install and activate Peter’s Literal Comments plugin.

The reason why this way is better is because it does not require you to change the core files. If you want to edit your core files then you may go to wp-includes/kses.php and edit the codes there. (This is not Recommended, but it is here for the sake of knowledge. (WP Codex for more details)

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

23 CommentsLeave a Reply

  1. Unfortunately, the Peter’s Literal Comments plugin is not active any longer; it has been updated last in 2015, and may not even work on recent versions any more. You might need to recommend a different plugin instead…

    • Thank you for letting us know that the plugin is not active a the moment. When we look at updating the article we will look for an alternative :)

      Admin

    • Hi,

      You can use the following HTML tags in comments by default.

      <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

      Admin

  2. Very well written article, i always follow your blog for all my wordpress problems thnks

  3. there are lots of commnts on my every blog post … how to disable HTML hyperlink so that i can prevent my blog post from spam

  4. I think that something is missing. You should add your function plc_comment_display() to the filter stack like this:

    add_filter(‘comment_text’, ‘plc_comment_display’);

    Regards.

  5. Brilliant article thanks! Seems to work perfectly well with the latest versions of wordpress as well (3.3) Made the code a lot cleaner as mentioned and seems to have made life easier when trying to implement the comments form into side areas ect. (Had a nightmare with previous use of the normal code)

  6. The more mature you are, the harder at risk you are for getting something undesirable happen to you while overseas. Thanks for revealing your suggestions on this blog.You have good grapes on wordpress thanks for making my problem so easy .

  7. Great, by this way one can ensure that nobody drops links in the comment box. I really hate to see people doing that unnecessarily.

  8. Its confused me Bro, but i make some simple plugin that allow you to replace with &gt ;

    <?php
    /*
    Plugin Name: Filter Comments
    Plugin URI: http://cruzenaldo.com/plugin-sederhana-filter-komentar/
    Description: Plugin sederhana untuk melakukan filterisasi terhadap komentar dan mencegah user menginput tag – tag HTML
    Author: Cruz3N
    Author URI: http://www.cruzenaldo.com/
    Version: 1.0
    */

    function my_function ($text) {
    $text = str_replace('’, ‘&gt ;’, $text);
    return $text;
    }

    add_filter(‘comment_text’, ‘my_function’);
    ?>

    You can modification that better… Hope usefull

    Download here
    http://www.box.net/shared/rgb4lmt5uy

    And this is my ugly blog :p
    http://cruzenaldo.com/

    Best Regard
    Cruz3N

  9. Thank you for the useful tuto and easy to follow. I’ve found another one explaining how to disable HTML but was to hard and badly explained, anyway thanks again and have a great week end :)

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.