Managing the comments on a WordPress website requires administrative configuration of post settings, manual approval of comment posts, and automated anti-spam filtering.
The default WordPress comment system is designed to work with the Akismet anti-spam module from Automattic. This guide provides an overview of the administrative settings for WP comments so you can best manage all external content on your WP pages.
Table of Contents:
- WordPress Comment System – How does it work?
- Enabling Comments in WordPress
- Managing Comments in WordPress
- Comment Spam
- WordPress Avatars
When you publish a post in WordPress, the comment system is turned on by default. This can be helpful for blog posts to develop community interaction or on product pages for valuable client feedback. As for landing pages and static content – WP publishers are better turning them off altogether as they serve no real purpose.
But let’s now take a closer look at WordPress comments and what we can really do with them?
WordPress Comment System – How does it work?
In a default WordPress installation, there is a “Hello World” page that is automatically created to illustrate the functionality of the CMS. If you go to the WordPress dashboard and open the page to edit it, you should see something like this:
Under the Discussion tab in the right side of the Gutenberg editor, you will see the settings for comments, pingbacks, and trackbacks which can be toggled on or off according to the requirements of each post. Using this option, you can decide if your page/post will show those features to visitors or hide them.
If you navigate to the /wp-admin/edit.php page, you will see a list of all content posts with the “Hello World” page listed. The interface allows you to view how many comments have been posted to the page and how many are waiting approval:
The default setting of the WordPress CMS is that comments are allowed on posts, with administrator approval required for publishing. If you click on the Comments icon next to each post, you will get to the page with all comments awaiting your confirmation.
On the comments settings page, there are quick links to view All, Pending, Approved, Spam, and Trash comments. Use the links and bulk actions to approve the relevant comments on your WordPress blog pages and delete all spam.
Enabling Comments in WordPress
To enable comments in WordPress, look under the Settings tab in WP Admin and navigate to the Discussion section.
The default post settings for WordPress comments are:
- Attempt to notify any blogs linked to or from the post
- Allow link notifications from other blogs (pingbacks and trackbacks) on new posts
- Allow people to submit comments on new posts
Changing these settings will have a global effect on all posts on the website. The options can be overridden on each individual page using the method presented in the previous section.
Turning on Comments for a Single Post or Page
For more finely-grained comment settings, the Discussion section also has some advanced options for WordPress comments that can be configured with more detail:
- Comment author must fill out name and email
- Users must be registered and logged in to comment
- Automatically close comments on posts older than (x) number of days
Turning these settings On will require users to verify their identity and email before posting comments to a site. You can also turn off comments after a certain number of days. Settings for cookies can be modified according to the requirements of your blog or ecommerce store.
Managing Comment Display in the Discussion Section
The comment settings in the Discussion section will also let you to choose the way comments are displayed on pages with nested views or time-ordered list views.
The options here are:
- Enable threaded (nested) comments (x) levels deep
- Break comments into pages with (x) top-level comments per page and the last page displayed by default
- Comments should be displayed with the (older/newer) comments at the top of each page
NOTE: Make sure your chosen settings can integrate with your WordPress theme and user avatar system for registered users for the most efficient content display.
Establishing Moderation Settings for Comments on Pages
The final part of our Discussion section includes the settings for site-wide moderation of comments. There are two main aspects.
You can configure WordPress to receive an email whenever:
- Anyone posts a comment
- A comment is held for moderation
You can also require manual approval before a user comment appears on a live site:
- Comment must be manually approved
- Comment author must have a previously approved comment
These settings increase the level of administrative control over comment publishing on WordPress pages even more, as there now needs to be a higher level of certified activity before a user can post.
In order to establish filters for the moderation queue, use the form provided on the page:
This allows WP admins to set a hold on a comment if it contains a certain number of links, which can be indicative of spam. You can also set a list of keywords, authors, URLs, email addresses, IP addresses, or browser settings that will automatically route comments to the WordPress moderation queue. Use this form to fine-tune your site’s anti-spam filters and defend it from web attacks.
Managing Comments in WordPress
The Discussion settings also allow for the establishment of Disallowed Comment Keys that will automatically send comments to the Trash if they are included in a post. These are stringent rules and you should only use them to deal with things like hate speech, graphic language, insults, etc. on your pages.
Managing Incoming Comments
After the site-wide and individual post settings for comments are set, administrators can focus on the Comments section to manage user posts.
Using the WP Admin menu, navigate to: /wp-admin/edit-comments.php
There, you will see a list of all comments with approved and pending approval content color codes:
WordPress administrators can use the Comments column to quickly review anti-spam filters, approve pending comments, and view all of the posts users have submitted to the site.
Moderating Comments with the Comment Screen
If you need to remove a pending comment because of spam, abusive language, or hate speech, click on the check-box next to the post and select Trash from the drop-down menu:
You can also mark the message as spam to block similar posts from the user. The other option here, naturally, is to approve the comment.
Bulk Editing Comments
The Comments section allows administrators to perform bulk actions on comments to speed up operations. You can select multiple comments together from the interface and mark them as spam or move them to the trash. You can also bulk approve legitimate comment posts.
One of the oldest and most installed plugins for WordPress is the Akismet anti-spam module. Produced by Automattic, the developers of the WP core, the plugin adds an additional layer of spam protection to comment management, which is considered essential for most online projects, regardless of their niche.
Here is how Akismet can be of your benefit as well:
Akismet and Anti-Spam Settings
In order to install the Akismet anti-spam module, navigate to Plugins > Add New under the WP Admin menu to the section at: /wp-admin/plugin-install.php
The Akismet anti-spam plugin is installed by default, so you only need to click on the Activate button. This will lead to the creation of a newly registered account for the service with your own unique API key.
WordPress publishers can use Akismet anti-spam for free on their website if:
- You don’t have ads on the site
- You don’t sell products/services on the site
- You don’t promote a business on the site
In case your site falls in one of those categories, there is a licensing fee of $8/mo for the service to support unlimited websites. You can find some enterprise options as well, but the Personal or Plus plan should be enough for most users.
To complete the installation process, open the Akismet settings in the WP dashboard, under the Plugins menu. Open the Settings link in the Akismet plugin section and follow these steps:
- Click on Manually enter an API key.
- Copy the API key from the email sent to you and paste it into the text field.
- Click the button labeled Connect with API key.
You should then see an Akismet administration screen with settings for comments:
Since most spam comments are delivered by automated bots that operate without human interaction, Akismet is trained to recognize the most common spam tactics and eliminate the threats before they reach your site.
The Akismet anti-spam module is recommended for increasing security and simplifying comment administration on WordPress websites.
Comment Systems, Hack Attacks, and their Prevention
Other ways to protect your comment system on WordPress sites are to install the Captcha and Honeypot plugins across all forms on a domain.
Captcha-type plugins implement a human verification process to confirm a legitimate user is trying to post. Honeypot plugins operate on the same principle but with even less hassle – the visitor does not need to undergo any extra steps. Instead, the honeypot tries to trick the bots by adding extra fields in the CSS that only they can see.
If you want your registered users to have avatars on your WordPress site, you can use the default core capabilities of the CMS or install a plugin like Gravatar.
To configure the core CMS settings, return to the Settings > Discussion page at: /wp-admin/options-discussion.php
In this section, admins have the ability to control avatar display settings across the site, including a default image that will be used for new users. You can also turn off avatar display completely if it doesn’t fit your theme design.
Although there are advantages of adopting different WordPress comment solutions like Disqus, Graph Comment, wpDiscuz, and Facebook Comments, most users can start with the default CMS core functionality.
Following the configuration settings in this guide, WordPress publishers can configure the settings for each post or content type individually, as well as filter spam messages directly to trash.
If you have more questions about WordPress comments, contact the ScalaHosting support team and we will gladly lend a helping hand.