How to Disable HTML in WordPress Comments (Quick + Easy Method)

When we first started managing WordPress sites for clients, dealing with comment spam was a daily headache.

By default, WordPress lets users include certain HTML tags in their comments, like <a>, <em>, and <strong>. While these tags can be helpful, spammers often misuse them to add links and formatting, turning discussions into a cluttered mess of unwanted promotions.

We’ve tried many ways to block spam, but one of the easiest and most effective methods is to simply turn off HTML in comments. This quick change helps reduce spam right away while still allowing real visitors to join the conversation.

In this guide, we’ll show you how to disable HTML in WordPress comments without writing any code. Don’t worry about anything technical — it’s an easy fix you can set up in just a few clicks! 🛠️

Why Should You Disable HTML in WordPress Comments?

When people post comments, they can add links, bold text, italics, and other elements to their message. This sounds harmless, but it’s not always a good thing.

Allowing HTML means users can format their comments, but it also leaves the door open for abuse. Bots and scripts are often programmed to post comment spam using HTML tags to sneak in spammy links, making the comments section messy and unsafe.

So, disabling HTML can help block these unwanted posts and keep your site secure.

This means that someone can still post something like:

I really loved your post! <em>It changed my life!</em> Visit <strong>my blog</strong> for amazing tips!

Or a very random string like this:

<a><em><strong>

The comment will still show up, but the HTML tags will not be functional.

This simple feature gives you more control over the type of content shared on your WordPress website. It also makes managing your site easier and keeps your readers safe from unwanted or harmful comments.

Now, let’s see how you can disable HTML in WordPress comments. Here are all the topics we’ll cover in this guide:

Disabling HTML in WordPress Comments

Some tutorials will tell you to add custom code directly to your theme files. They say you’ll need to open your theme’s functions.php file and add a custom code snippet.

However, this isn’t the most beginner-friendly method, and you risk breaking your site by modifying your functions.php file.

In our experience, WPCode isthe safest way to execute this PHP snippet without breaking the theme. That’s why we recommend it as the best code snippet plugin for WordPress.

WPCode lets you safely add custom CSS, PHP, HTML, and more to WordPress. You can simply paste a snippet into its editor and activate it with one click.

Some of our partner brands use WPCode to add and manage custom code snippets on their websites. We’ve seen how it streamlines our workflow, and you can learn more about how it works in our complete WPCode review.

With that in mind, let’s install and activate the WPCode plugin.

You can start out with the free version, as it supports custom code snippets. If you need help, then you can follow our guide on how to install a WordPress plugin.

Upon activation, you’ll want to head over to Code Snippets » + Add Snippet.

This will take you to the code snippet library.

Since we’re going to use a custom snippet, you can hover over the ‘Add Your Custom Code (New Snippet)’ and click the ‘+ Add Custom Snippet’ button.

On the next screen, WPCode will ask you to choose a code type.

Simply click on the relevant box to select the ‘PHP Snippet’ option.

You should now arrive at the code editor.

From here, you can first add a title for your custom code snippet. Let’s make sure you use a clear name, as it will help keep everything organized. For example, we are using ‘Disable HTML in Comments.’

Next up, in the ‘Code Preview’ box, you can add the following custom code snippet. This code uses a simple PHP function to convert special HTML characters into plain text entities.

It means that the browser will safely display the raw tags as text on the screen instead of executing them as code, completely neutralizing malicious scripts and hidden spam links:

add_filter( 'preprocess_comment', function( $comment_data ) {
    $comment_data['comment_content'] = htmlspecialchars( $comment_data['comment_content'] );
    return $comment_data;
} );

Here’s what it looks like in the editor:

From here, all you have to do is run the code.

To do this, you can switch the toggle from ‘Inactive’ to ‘Active’ and click the ‘Save Snippet’ or ‘Update’ button.

And that’s it!

Now, you can open your blog post in a new incognito or private browsing window to test commenting using HTML tags and see how it appears on the front end.

Here’s what it looks like on our demo site:

Bonus Tip: Disabling Auto-Linking of URLs in WordPress Comments

If you want to boost your site’s security even further, then it’s a good idea to disable auto-linking of URLs in WordPress comments.

By default, WordPress automatically converts plain text URLs pasted into comments into clickable links. While this auto-linking doesn’t change your database, it does display the live links in your admin area and comments section.

While some commenters may have genuine reasons for pasting links, spammers often flood comment sections with malicious URLs to boost their own SEO or trick your visitors.

Spammy URLs can pose security risks. Some of these links might lead to harmful sites or scams, which could compromise your visitors’ safety.

By keeping your comment section clean and free of these direct URLs, you help ensure a better user experience for everyone on your site.

The good news is that you can use WPCode to do this easily and safely. For step-by-step instructions, you can see our guide on how to disable auto-linking of URLs in WordPress comments.

FAQs: Disabling HTML in WordPress Comments

Do you still have questions about turning off HTML in your comments? Here are some of the most common questions our readers ask us.

Will disabling HTML in comments affect existing comments?

No, this code only affects new comments. Old comments with HTML will stay intact unless you edit them manually.

Is it safe to use WPCode?

Yes. It’s safer than editing functions.php because it prevents errors that can break your site.

Can I re-enable HTML later?

Yes, just deactivate or delete the snippet in WPCode.

Additional Resources to Improve Your WordPress Comments

We hope this article has helped you learn how to disable HTML in WordPress comments.

Now that you have secured your comment section against malicious HTML, you might want to explore our other guides on optimizing this newly protected area:

• Best Plugins to Improve WordPress Comments
• How to Highlight Author’s Comments in WordPress
• How to Display the Most Commented Posts in WordPress
• How to Allow Users to Edit Their Comments in WordPress
• How to Make Blog Post Comments Searchable in WordPress

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.