The WordPress commenting feature by default allows you to use some HTML elements within the comments. You may welcome the comments with the HTML element if the elements are used for content with strong importance, or urgency by using the
<strong> tag which typically renders the content in bold type, or emphasizes the text using the
<em> tag to turn the text to italics.
Unfortunately, spam comments also love to use HTML elements, especially the hyperlink (
<a>) tag to promote their website’s links to increase their page rank, or in the worst case, the link may lead the user to visit a malicious site where they could become victims of cybersecurity attacks.
Disabling the HTML support for Commenting Feature
Now, before you start disabling the HTML support for the comment feature, you may want to back up your site and use a child theme to avoid breaking the parent theme or losing your changes when you update your theme as this tutorial will instruct you to place some custom code in the functions.php file of the theme.
Once you’re ready, navigate to Appearance → Theme File Editor from your WordPress dashboard. Once you’ve arrived at the Edit Themes page, open the functions.php file from the Theme Files list by clicking it. Continue by copying the following code:
add_filter( 'pre_comment_content', 'wp_filter_nohtml_kses' );
You can place the custom code in your functions.php file under the PHP tag
and outside of any existing function. And once the code is in place, save the changes by clicking the Update File button at the bottom of the page.
Now, your comment section will not show any changes even when they use the HTML tag when they post a comment, which includes the hyperlink tag
<a> used for spam links, or text modifiers like
<strong> for Bold and many more.
The Bottom Line
The HTML element in the comment may become helpful if used for the relevant content, however, spam comments also love to use HTML tags to promote their website’s links to increase their page rank, or in the worst case, the link may lead the user to visit a malicious site where they could become victims of cybersecurity attacks.
This article shows you how to disable the HTML elements on WordPress commenting future. And you may want to disable the website field to gain more protection from the spam comment by reading our previous article on How to Remove Website Field from Comment Form in WordPress.