How to manage your comment settings in WordPress - More info in the WordPress Tutorial from

With the comment function, users can comment and discuss your contributions in your WordPress blog. Comments are an elementary feature of WordPress and are enabled by default for all posts. In this article we describe the configuration possibilities of comments in WordPress.

Where do WordPress comments appear?

The comment function appears below the posts. The WordPress comment function is activated by default. The comments do not appear on the start or category page, but only in the detailed view of the contributions.

Comment field under a post in Standard WordPress Theme
Comment field under a post in Standard WordPress Theme

Enable nested comments in WordPress

By default, the comments are simply displayed one below the other, but this makes it difficult to distinguish the responses to comments optically from new comments. Therefore, it makes sense to activate nesting in comments. To do this, switch in the backend to the "Settings" and there to the submenu "Discussion". In the settings area "Further comment settings" set a check mark at "Organize nested comments in 5 levels".

Discussion settings (comment settings) in the WordPress backend
Discussion settings (comment settings) in the WordPress backend

Sort WordPress Comments

WordPress displays the latest comments at the end of the comments. If you want to change this sorting so that the latest comments are at the beginning, you can also change this in the settings dialog. In the screenshot above, you will see "The oldest comments should be at the top" in the last line. Simply change the selection field and then click on "Save changes". From now on, the latest comments will be at the top.

Prevent comment spam in WordPress

Comments are a nice thing, they allow the blog operator to easily get in touch with its readers and discuss. Unfortunately, the comment columns have always been misused by automated bots to link to websites. Links are very valuable for optimizing search results.

In the meantime, however, search engines have also learned to ignore these comment spam links accordingly. Unfortunately the link spammers apparently haven't noticed this yet and so they still flood the comment columns of the blogs with stupid comments and links. In the worst case these spam links can even harm your blog, because you link to dubious sites and Google punishes you with bad search results. You should therefore make the following basic settings in your blog:

Comments must be unlocked

With this setting, the comments are not published immediately, but only after your manual activation. The setting for this can be found in the discussion settings.

Further comment settings
Further comment settings

Activate the option "the comment must be released manually". So that you don't miss to release the comments, you should additionally activate the option "someone writes a comment" in the setting "Send me an e-mail when". This is the first setting on the screenshot above.

With this measure you will no longer publish spam comments and spam links, at least not without knowing it.

Filter spam comments automatically via plugin

Since comment spam has not only been around since yesterday and manual unlocking of comments can also be time-consuming and annoying, there are plugins that automatically recognize spam comments. The best known of these plugins is "Akismet Anti Spam" by Automattic, directly from the WordPress "inventors". The plugin is installed with a standard WordPress installation, but must be activated before it can start working. You can find the plugin in the "Plugin" menu under "Installed Plugins".

Akismet Anti-Spam Plugin
Akismet Anti-Spam Plugin

To activate the plugin, click on the "Activate" link under the plugin name. In the next step you have to open an Akismet account, click on the button "Open your Akismet account".

Create account for Akismet
Create account for Akismet

In the next step click on the button "Get your API key". A new window will open and the website will be opened. An API key is your password that you need for the plugin configuration.

Click on the blue button to go to the Akismet page
Click on the blue button to go to the Akismet page

On the Akismet page click on the button "Activate Akismet", then enter your e-mail address and a password. Then select a tariff. For personal sites Akismet is free, for commercial sites there are two additional rates. Depending on which tariff you choose, you will have to enter payment details in the next step.

If everything works out, then Akismet calls up your blog page and transfers the API key, so that the plugin is activated without further steps.

Everything wonderful, the spam will be fought quietly from now on
Everything wonderful, the spam will be fought quietly from now on

In the upper screenshot you can see the settings of the Akismet plugin. For security reasons we recommend to activate the privacy policy (disabled by default), then click on "Save changes".

Disable WordPress Comments

We have recently disabled all comments in our blog. The reason: We received almost exclusively spam comments, some of which were so well camouflaged that even Akismet did not recognize them automatically.

To deactivate the comments, go to the discussion settings. In the first block you remove the tick at the setting "Allow visitors to comment on new posts".

Disable comments for new posts
Disable comments for new posts

Deactivate/deactivate Wordpress comments globally

This change in the discussion settings will disable the comment function for new posts. All existing comments and also the possibility of commenting on old articles remain. Since the spammers don't care in which blog and post they post their spam, we recommend to deactivate the comment function globally.

With the plugin "Disable Comments" you can deactivate all comments and comment functions in the entire WordPress blog. After activating this plugin, you can no longer add comments to the entire blog.

To install the plugin, click on "Plugins" in the backend and then on "Install". In the search field at the top right, enter the search term "disable comments".

Disable comments with Disable Comments
Disable comments with "Disable Comments"

When you see the first plugin in the search result, click on "Install now". Then click on the "Activate" button. After the activation your installed plugins will be displayed.

After installation Disable Comments appears in the plugin list
After installation "Disable Comments" appears in the plugin list

Via the link "Settings" you can configure the plugin. You have the possibility to choose the page type in which the comments should be deactivated, additionally you can deactivate comments globally (everywhere).

Possible settings of the plugin
Possible settings of the plugin

You can also delete existing comments with the plugin. Click on the link "Tools". In the following dialog you choose where you want to delete the comments, analogous to the general settings. And also here you have the possibility to delete all comments in the blog.

Use the tool to delete existing comments
Use the tool to delete existing comments

WordPress Comments and the GDPR

In May 2018, the Basic Data Protection Regulation (GDPR) came into force. Many of the provisions of the GDPR also apply directly to WordPress. Since version 4.9.6 some changes have been integrated into WordPress which correspond to these specifications:

  • A checkbox has been added to the comment forms to accept the setting of cookies;
  • There are tools for exporting and deleting personal data;
  • And much more.

Disable Gravatar in Comments

The "Gravatar" function is activated by default in WordPress. With this function, all comments are synchronized with the Gravatar database via the e-mail address. According to GDPR this is not allowed. To deactivate this function, open the discussion settings in the backend:

Avatars should be disabled for privacy reasons
Avatars should be disabled for privacy reasons

With the option "Avatar display" you remove the tick at "Show avatars".

Remove IP addresses in WordPress

In addition to the e-mail addresses of the commentators, the IP addresses are stored. Since the IP addresses are personal data of the users and the IP addresses are not necessarily required for the comment function, they should not be collected and stored.

The plugin "Remove Comment IP" ( removes the IP addresses of the commentators from the WordPress database and thus ensures a DSGVO-compliant comment function.

To install the plugin, call up the "Plugin" page in the backend and then the "Install" sub-item. Search for "Remove Comment IP". Click on "Install" and then on "Activate".

Remove IP addresses with Remove Comment IP
Remove IP addresses with "Remove Comment IP"

The plugin stores the IP addresses for 60 days after activation. After 60 days the IP addresses will be deleted.

Enable SSL Encryption for WordPress

If users enter comments in your blog, personal data is transferred between the user's browser and the WordPress server. To ensure that this data cannot be accessed by third parties, the transmission must be encrypted. For this you need an installed SSL certificate on your WordPress server. You can check in the browser line whether your website is already encrypted.

Google Chrome displays the page as Not secure.
Google Chrome displays the page as "Not secure".

A closed lock is displayed for secure connections, and additional information on encryption can be obtained by clicking on the lock.

Further information on encryption
Further information on encryption

The SSL certificates are already included in Checkdomain's hosting packages and can easily be activated with just a few clicks.


Comments are a nice way to get in touch with users and discuss. However, if the comment columns are abused by spam bots, you need to take action. In addition, the provisions of the DSGVO must also be observed. So some manual work is necessary to use the comment function in WordPress sensibly.

Other products you might be interested in
Website Builder
Create your own website without any programming knowledge.
Create a Website
Concentrate fully on your project! Performance and security included.
Optimize your Web site and achieve top rankings.
Website optimization
SSL Certificates
For your site, more safety protect yourself from hacker attacks.
Quickly protect