
How To Replace HTML Characters With HTML Entities In WordPress Comments

Replacing HTML characters with entities

Comments are a great form of discussion for any WordPress blog or website. Many comments are used to create or induce conversations – expanding blog posts beyond epic proportions – and a lot of comment systems are used to provide support for products (among a million other uses for comments). But a lot of the time WordPress comments are filled with spam.
All WordPress blogs and websites are attacked by a large number of spam comments daily, and without properly configured WordPress plugins (etc.), spam comments are always going to happen to everyone with a WordPress website. I repeat, spam comments will always happen to everyone with a WordPress website, from big companies to small websites which only have 1 sample post.

Spam comments will never leave unless you properly filter them, but this post is not about filtering spam comments, it’s about changing HTML characters to HTML entities inside WordPress comments.

You can moderate comments and allow them to appear on your WordPress website only with administrative approval, but that’s not a solution for everyone. Some WordPress users would like to encourage the use of their website’s comment system, and making their users/visitors wait for their comments to be approved by a moderator is a flawed process.

This is why we have provided an easy PHP function to turn HTML characters into HTML entities in WordPress comments.

Why replace HTML characters with HTML entities?


HTML characters like <a> tags are used by many spammers to create links, banners, etc. WordPress automatically allows the use of HTML characters in comments unless your theme supports the function to turn it off, mainly because characters that are reserved in HTML, like the less-than sign <, are also in common use in plain text (numbers, symbols, some letters).

Replacing characters with entities will make sure spam links are not “clickable” and appear as spam before they are rightfully moderated and removed by the WordPress site administrator.

1. Example: A spammer uses an <a> tag hypertext reference (href) to anchor their website

HTML Characters

<a href="http://spammer.com/baseball-cards">Buy baseball cards</a>

In comments this looks like: Buy baseball cards

HTML Entities

When translated from character to entity the spam comment now looks like this:

&#60;a href=&#34;http://spammer.com/baseball-cards&#34;&#62;Buy baseball cards&#60;/a&#62;

How to change HTML characters to HTML entities

Copy and paste the code below into your functions.php file.

// Encode HTML special characters before the comment is saved.
function plc_comment_post( $incoming_comment ) {
	$incoming_comment['comment_content'] = htmlspecialchars( $incoming_comment['comment_content'] );
	// Store apostrophes as an entity as well.
	$incoming_comment['comment_content'] = str_replace( "'", '&apos;', $incoming_comment['comment_content'] );
	return $incoming_comment;
}

// Turn the stored apostrophe entity back into a plain apostrophe for display.
function plc_comment_display( $comment_to_display ) {
	$comment_to_display = str_replace( '&apos;', "'", $comment_to_display );
	return $comment_to_display;
}

add_filter('preprocess_comment', 'plc_comment_post', '', 1);
add_filter('comment_text', 'plc_comment_display', '', 1);
add_filter('comment_text_rss', 'plc_comment_display', '', 1);
add_filter('comment_excerpt', 'plc_comment_display', '', 1);

Learn more about HTML entities: http://www.w3schools.com/html/html_entities.asp
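
The snippet above relies on the default flags of htmlspecialchars(), which changed in PHP 8.1. The following added example (not part of the original snippet; the function name is hypothetical and the sample comments are constructed) passes the flags explicitly and checks that no markup character survives encoding, including for a comment that is already entity-encoded and one that contains an invalid UTF-8 byte.

```php
<?php
// Added example, not from the original post. example_encode_comment() is a
// hypothetical name and the sample comments below are constructed.

// Encode a comment body with explicit flags so the output does not depend on
// the PHP version's defaults. Before PHP 8.1 the default flags left ' unencoded
// and could return an empty string for input containing invalid UTF-8.
function example_encode_comment( string $text ): string {
	// ENT_QUOTES: encode both " and '.
	// ENT_SUBSTITUTE: replace invalid byte sequences with U+FFFD.
	// ENT_HTML5: write the apostrophe as &apos;, the form the snippet above stores.
	return htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );
}

$samples = array(
	'double-quoted link' => '<a href="http://spammer.com/baseball-cards">Buy baseball cards</a>',
	'single-quoted link' => "<a href='http://spammer.com/baseball-cards'>it's cheap</a>",
	'already encoded'    => 'AT&T says &lt;b&gt; is bold',
	'invalid UTF-8 byte' => "caf\xC3 <b>menu</b>",
);

foreach ( $samples as $label => $raw ) {
	$encoded = example_encode_comment( $raw );

	// After encoding, none of the markup-significant characters may remain.
	if ( preg_match( '/[<>"\']/', $encoded ) ) {
		throw new RuntimeException( "unencoded markup character in: $label" );
	}
	// An empty result for non-empty input means the comment text was lost.
	if ( $raw !== '' && $encoded === '' ) {
		throw new RuntimeException( "comment emptied by encoder: $label" );
	}
	printf( "%-20s %s\n", $label, $encoded );
}
```

The "already encoded" sample comes out with its ampersands encoded a second time, so a visitor who types &lt; sees exactly what they typed rather than a < character.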

Lead Editor

Sean is a tech author and engineer with over 20 years of experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and other topics. He is featured in several publications.
