By default, WordPress allows several HTML tags in the comment form. These are the default allowed tags:
<a href="" title=""> <abbr title="">
<acronym title=""> <b> <blockquote cite="">
<cite> <code> <del datetime="">
<em> <i> <q cite=""> <s> <strike> <strong>
The list above may differ on your site if your theme or a plugin adds or removes tags. You can check by printing the output of the allowed_tags function. Simply put echo allowed_tags(); in the functions.php file of your active theme and load any page. You will see the available tags.
Now, how do we disable all of these tags in the comment form? The a href tag in particular is very popular among spammers.
We can use the pre_comment_content and comment_text filters. The comment_text filter only controls comment output: if we use it to remove HTML tags, they are removed only on the frontend, and you will still see them on comments in WP admin. This is useful if you already have many comments on your site. The pre_comment_content filter, on the other hand, strips HTML tags before the comment is saved to the database.
We also need to keep in mind that if someone puts a direct URL (example: https://careless.dev/ ) in the comment form, it will be converted to a clickable link. This is because WordPress by default filters comment_text with the make_clickable function. We will remove that as well. So our code becomes:
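// Strip HTML before the comment is saved. This filter receives slashed data,
// which is what wp_filter_nohtml_kses expects.
add_filter('pre_comment_content', 'wp_filter_nohtml_kses');
// Strip HTML on output for comments already stored. These filters receive unslashed
// text, where wp_filter_nohtml_kses would add backslashes before quotes.
add_filter('comment_text', 'wp_strip_all_tags');
add_filter('comment_text_rss', 'wp_strip_all_tags');
add_filter('comment_excerpt', 'wp_strip_all_tags');
// Remove clickable links/URLs from comments
remove_filter('comment_text', 'make_clickable', 9);
wp_filter_nohtml_kses is a built-in WordPress function that strips all HTML tags from a string. It expects slashed input and returns slashed output, which matches the data passed to pre_comment_content. The output filters receive unslashed text, so they use wp_strip_all_tags, another built-in function that removes all tags.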
The code goes in the functions.php file of your active theme.
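To confirm the filters behave as described, the following added example (not code from the original post) pushes a constructed comment through the save and output filters and reports what survives. It assumes WP-CLI is installed; the file name check-comment-filters.php and the sample comment are made up for illustration.

```php
<?php
// Added check, not from the original post. Hypothetical file name:
// check-comment-filters.php, run with: wp eval-file check-comment-filters.php

// Constructed sample comment: a link, a script tag, a bare URL, an apostrophe.
$sample = 'Nice post! <a href="https://example.com/">cheap pills</a> '
        . "<script>alert(1)</script> https://example.com/ it's great";

// Save path: pre_comment_content receives slashed data, so slash the input
// first and unslash the result, as WordPress does around the database write.
$stored = wp_unslash( apply_filters( 'pre_comment_content', wp_slash( $sample ) ) );

// Output path: comment_text receives the stored (unslashed) text.
// The null comment and empty args stand in for the template's arguments.
$shown = apply_filters( 'comment_text', $sample, null, array() );

$checks = array(
    'no tags reach the database'         => false === strpos( $stored, '<' ),
    'no anchor tags in rendered output'  => false === stripos( $shown, '<a ' ),
    'no script tags in rendered output'  => false === stripos( $shown, '<script' ),
    'no stray backslashes in output'     => false === strpos( $shown, '\\' ),
    'make_clickable is no longer hooked' => false === has_filter( 'comment_text', 'make_clickable' ),
);

foreach ( $checks as $label => $ok ) {
    echo ( $ok ? 'PASS' : 'FAIL' ) . "  $label\n";
}
echo "stored: $stored\n";
echo "shown:  $shown\n";
```

A FAIL on the backslash line means a slash-expecting function is hooked on an output filter; a FAIL on the make_clickable line usually means a plugin re-added the filter after the theme removed it.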