With the comment function, users can comment and discuss your contributions in your WordPress blog. Comments are an elementary feature of WordPress and are enabled by default for all posts. In this article we describe the configuration possibilities of comments in WordPress.
The comment function appears below the posts. The WordPress comment function is activated by default. The comments do not appear on the start or category page, but only in the detailed view of the contributions.
By default, the comments are simply displayed one below the other, but this makes it difficult to distinguish the responses to comments optically from new comments. Therefore, it makes sense to activate nesting in comments. To do this, switch in the backend to the "Settings" and there to the submenu "Discussion". In the settings area "Further comment settings" set a check mark at "Organize nested comments in 5 levels".
WordPress displays the latest comments at the end of the comments. If you want to change this sorting so that the latest comments are at the beginning, you can also change this in the settings dialog. In the screenshot above, you will see "The oldest comments should be at the top" in the last line. Simply change the selection field and then click on "Save changes". From now on, the latest comments will be at the top.
Comments are a nice thing, they allow the blog operator to easily get in touch with its readers and discuss. Unfortunately, the comment columns have always been misused by automated bots to link to websites. Links are very valuable for optimizing search results.
In the meantime, however, search engines have also learned to ignore these comment spam links accordingly. Unfortunately the link spammers apparently haven't noticed this yet and so they still flood the comment columns of the blogs with stupid comments and links. In the worst case these spam links can even harm your blog, because you link to dubious sites and Google punishes you with bad search results. You should therefore make the following basic settings in your blog:
With this setting, the comments are not published immediately, but only after your manual activation. The setting for this can be found in the discussion settings.
Activate the option "the comment must be released manually". So that you don't miss to release the comments, you should additionally activate the option "someone writes a comment" in the setting "Send me an e-mail when". This is the first setting on the screenshot above.
With this measure you will no longer publish spam comments and spam links, at least not without knowing it.
Since comment spam has not only been around since yesterday and manual unlocking of comments can also be time-consuming and annoying, there are plugins that automatically recognize spam comments. The best known of these plugins is "Akismet Anti Spam" by Automattic, directly from the WordPress "inventors". The plugin is installed with a standard WordPress installation, but must be activated before it can start working. You can find the plugin in the "Plugin" menu under "Installed Plugins".
To activate the plugin, click on the "Activate" link under the plugin name. In the next step you have to open an Akismet account, click on the button "Open your Akismet account".
In the next step click on the button "Get your API key". A new window will open and the website akismet.com/wordpress/ will be opened. An API key is your password that you need for the plugin configuration.
On the Akismet page click on the button "Activate Akismet", then enter your e-mail address and a password. Then select a tariff. For personal sites Akismet is free, for commercial sites there are two additional rates. Depending on which tariff you choose, you will have to enter payment details in the next step.
If everything works out, then Akismet calls up your blog page and transfers the API key, so that the plugin is activated without further steps.
In the upper screenshot you can see the settings of the Akismet plugin. For security reasons we recommend to activate the privacy policy (disabled by default), then click on "Save changes".
We have recently disabled all comments in our checkdomain.de blog. The reason: We received almost exclusively spam comments, some of which were so well camouflaged that even Akismet did not recognize them automatically.
To deactivate the comments, go to the discussion settings. In the first block you remove the tick at the setting "Allow visitors to comment on new posts".
This change in the discussion settings will disable the comment function for new posts. All existing comments and also the possibility of commenting on old articles remain. Since the spammers don't care in which blog and post they post their spam, we recommend to deactivate the comment function globally.
With the plugin "Disable Comments" you can deactivate all comments and comment functions in the entire WordPress blog. After activating this plugin, you can no longer add comments to the entire blog.
To install the plugin, click on "Plugins" in the backend and then on "Install". In the search field at the top right, enter the search term "disable comments".
When you see the first plugin in the search result, click on "Install now". Then click on the "Activate" button. After the activation your installed plugins will be displayed.
Via the link "Settings" you can configure the plugin. You have the possibility to choose the page type in which the comments should be deactivated, additionally you can deactivate comments globally (everywhere).
You can also delete existing comments with the plugin. Click on the link "Tools". In the following dialog you choose where you want to delete the comments, analogous to the general settings. And also here you have the possibility to delete all comments in the blog.
In May 2018, the Basic Data Protection Regulation (GDPR) came into force. Many of the provisions of the GDPR also apply directly to WordPress. Since version 4.9.6 some changes have been integrated into WordPress which correspond to these specifications:
The "Gravatar" function is activated by default in WordPress. With this function, all comments are synchronized with the Gravatar database via the e-mail address. According to GDPR this is not allowed. To deactivate this function, open the discussion settings in the backend:
With the option "Avatar display" you remove the tick at "Show avatars".
In addition to the e-mail addresses of the commentators, the IP addresses are stored. Since the IP addresses are personal data of the users and the IP addresses are not necessarily required for the comment function, they should not be collected and stored.
The plugin "Remove Comment IP" (https://wordpress.org/plugins/remove-comment-ips/) removes the IP addresses of the commentators from the WordPress database and thus ensures a DSGVO-compliant comment function.
To install the plugin, call up the "Plugin" page in the backend and then the "Install" sub-item. Search for "Remove Comment IP". Click on "Install" and then on "Activate".
The plugin stores the IP addresses for 60 days after activation. After 60 days the IP addresses will be deleted.
If users enter comments in your blog, personal data is transferred between the user's browser and the WordPress server. To ensure that this data cannot be accessed by third parties, the transmission must be encrypted. For this you need an installed SSL certificate on your WordPress server. You can check in the browser line whether your website is already encrypted.
A closed lock is displayed for secure connections, and additional information on encryption can be obtained by clicking on the lock.
The SSL certificates are already included in Checkdomain's hosting packages and can easily be activated with just a few clicks.
Comments are a nice way to get in touch with users and discuss. However, if the comment columns are abused by spam bots, you need to take action. In addition, the provisions of the DSGVO must also be observed. So some manual work is necessary to use the comment function in WordPress sensibly.