Sanitizing Comments

By now, you’re well acquainted with your role as supreme comment commander.
Only you can decide which comments live to see the light of day, and which ones
are banished to the trash or spam folders.

WordPress gives you one more power over comments that may surprise you. You
can crack open any comment and edit it, exactly as though it were your own content.
That means you can delete text, insert new bits, change the formatting, and even
add HTML tags. You can do this by clicking the Edit link under the comment, which
switches to a new page named Edit Comment, or you can edit it more efficiently by
clicking the Quick Edit link, which opens a comment-editing text box right inside
the list of comments.

You might use this ability to remove something objectionable from a comment
before you allow it, such as profanity or off-site links. However, few site administrators
have the time to personally review their readers’ comments. Instead, they get
WordPress to do the dirty work.

One way to do that is to use the Comment Moderation box. Choose Settings→Discussion
and fill the box with words you don’t want to allow (one per line). If a comment uses
a restricted word, WordPress adds it to the list of comments that need your review,
even if you approved an earlier comment from the same person, and even if you
disabled moderation (page 275). However, mind the fact that WordPress checks not
only whole words, but within words as well, so if you disallow ass, WordPress won’t
allow jackass or Assyria. If you want to be even stricter, you can use the Comment
Blacklist box instead of the Comment Moderation box. You again provide a list of
offensive words, but this time WordPress sends offending comments straight to
your spam folder.

If you run a self-hosted site, you can use a gentler approach, one that replaces
objectionable words but still allows the comment. For example, the WP Content
Filter plug-in replaces words you don’t want
(like jackass) with an appropriately blanked-out substitution (like j******, j*****s or
*******). Of course, crafty commenters will get around these limitations by adding
spaces and dashes (jack a s s), replacing letters with similar-looking numbers or
special characters (jacka55), or just using creative misspellings (jackahss). So if you
have a real problem with inappropriate comments and you can’t tolerate them even
temporarily (in other words, before you have the chance to find and remove them),
then you need to keep using strict moderation on your site so you get the chance
to review every comment before it’s published.
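
The matching behaviour and the workarounds described above, as an added example that is not part of the original text or of WordPress itself. The function names and the look-alike character table are assumptions made for illustration, and the sample comments are constructed from the words used above.

```python
import re

# Assumed look-alike map for illustration; real filters carry longer tables.
LOOKALIKES = str.maketrans({"5": "s", "$": "s", "0": "o", "1": "i",
                            "3": "e", "4": "a", "@": "a"})


def substring_hits(comment, words):
    """Match a listed word anywhere in the text, including inside longer words."""
    return [w for w in words if re.search(re.escape(w), comment, re.IGNORECASE)]


def whole_word_hits(comment, words):
    """Match only when the listed word stands alone."""
    return [w for w in words
            if re.search(r"\b" + re.escape(w) + r"\b", comment, re.IGNORECASE)]


def normalize(comment):
    """Map look-alike characters to letters, then drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", comment.lower().translate(LOOKALIKES))


def needs_review(comment, words):
    """Hold a comment if the raw or the normalized text contains a listed word."""
    return bool(substring_hits(comment, words)
                or substring_hits(normalize(comment), words))


if __name__ == "__main__":
    # Constructed sample comments, using the words from the text above.
    samples = ["A history of Assyria", "jack a s s", "jacka55",
               "jackahss", "it was sad"]
    for text in samples:
        print(f"{text!r:26}"
              f" substring(ass)={bool(substring_hits(text, ['ass']))!s:5}"
              f" whole-word(ass)={bool(whole_word_hits(text, ['ass']))!s:5}"
              f" review(jackass)={needs_review(text, ['jackass'])}")
```

Normalizing catches the spacing and digit tricks but merges neighbouring words, so "it was sad" now trips a listed "ass"; that makes it suited to holding comments for review, not to sending them straight to spam. Creative misspellings such as jackahss still pass, which is why strict moderation remains the fallback.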

