WP-Safety

Comment Cleaner — Bulk Delete & Disable Comments Security & Risk Analysis

wordpress.org/plugins/delete-all-comments-of-website

Delete, export, import, and manage WordPress comments with bulk tools and comment-control settings.

20K active installs v7.0 PHP 7.2+ WP 5.0+ Updated Apr 14, 2026
bulk-deletedelete-all-commentsdelete-commentsdisable-commentsremove-comments
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Comment Cleaner — Bulk Delete & Disable Comments Safe to Use in 2026?

Generally Safe

Score 100/100

Comment Cleaner — Bulk Delete & Disable Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'delete-all-comments-of-website' plugin version 6.8 exhibits a generally strong security posture. All identified AJAX and REST API entry points appear to have authentication and permission checks, which is a significant strength. The absence of known CVEs, common vulnerability types, and any recorded vulnerabilities suggests a history of responsible development and patching, or a lack of targeted attacks. However, the code analysis reveals some areas for improvement. A notable concern is the proportion of SQL queries (24%) not using prepared statements, which could be susceptible to SQL injection if user input is not meticulously handled. Additionally, while most output is escaped, 28% of outputs are not properly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities. The presence of unsanitized paths in taint analysis, though not critical, warrants attention as it can be an indicator of potential path traversal or file system vulnerabilities.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping is not fully robust
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Comment Cleaner — Bulk Delete & Disable Comments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Comment Cleaner — Bulk Delete & Disable Comments Release Timeline

v7.0Current
v6.8
v6.7
v6.6
v6.5
v6.4
v6.3
v6.2
v6.1
v6.0
v5.8
Code Analysis
Analyzed Mar 16, 2026

Comment Cleaner — Bulk Delete & Disable Comments Code Analysis

Dangerous Functions
0
Raw SQL Queries
22
7 prepared
Unescaped Output
26
67 escaped
Nonce Checks
7
Capability Checks
6
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

24% prepared29 total queries

Output Escaping

72% escaped93 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
nav_delete_comment (delete-all-comments-of-wordpress-website.php:1237)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Comment Cleaner — Bulk Delete & Disable Comments Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

authwp_ajax_nav_reset_comment_settingsdelete-all-comments-of-wordpress-website.php:255
authwp_ajax_nav_import_comments_ajaxdelete-all-comments-of-wordpress-website.php:1184
authwp_ajax_nav_export_comments_ajaxdelete-all-comments-of-wordpress-website.php:1185
authwp_ajax_nav_save_comment_settingsdelete-all-comments-of-wordpress-website.php:1186
authwp_ajax_nav_delete_comments_ajaxdelete-all-comments-of-wordpress-website.php:1187
WordPress Hooks 22
actionadmin_enqueue_scriptsdelete-all-comments-of-wordpress-website.php:52
actionadmin_menudelete-all-comments-of-wordpress-website.php:54
actioninitdelete-all-comments-of-wordpress-website.php:58
filterall_pluginsdelete-all-comments-of-wordpress-website.php:75
actionadmin_noticesdelete-all-comments-of-wordpress-website.php:129
filtercomments_opendelete-all-comments-of-wordpress-website.php:649
filterpings_opendelete-all-comments-of-wordpress-website.php:650
filtercomments_opendelete-all-comments-of-wordpress-website.php:666
filterpings_opendelete-all-comments-of-wordpress-website.php:667
filteravatar_defaultsdelete-all-comments-of-wordpress-website.php:675
filterxmlrpc_methodsdelete-all-comments-of-wordpress-website.php:683
filterrest_pre_dispatchdelete-all-comments-of-wordpress-website.php:693
filtercomments_opendelete-all-comments-of-wordpress-website.php:740
filterpings_opendelete-all-comments-of-wordpress-website.php:741
actionwpdelete-all-comments-of-wordpress-website.php:1756
filtercron_schedulesdelete-all-comments-of-wordpress-website.php:1770
actionnav_auto_delete_spam_eventdelete-all-comments-of-wordpress-website.php:1811
actionadmin_noticesdelete-all-comments-of-wordpress-website.php:1822
actionadmin_noticesdelete-all-comments-of-wordpress-website.php:1836
actionadmin_noticesdelete-all-comments-of-wordpress-website.php:1840
actionadmin_initdelete-all-comments-of-wordpress-website.php:1847
actionadmin_menudelete-all-comments-of-wordpress-website.php:1861

Scheduled Events 3

nav_auto_delete_spam_event
nav_auto_delete_spam_event
nav_auto_delete_spam_event
Maintenance & Trust

Comment Cleaner — Bulk Delete & Disable Comments Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 14, 2026
PHP min version7.2
Downloads571K

Community Trust

Rating94/100
Number of ratings58
Active installs20K
Alternatives

Comment Cleaner — Bulk Delete & Disable Comments Alternatives

Disable Comments & Delete All Comments

Disable Comments & Delete All Comments

comments-plus

A
100

Disable comments globally on all posts or certain post types. Delete all comments at once, by post type or comment status. Manage links in comments.

9K No CVEs
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

A
99

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE
CRUDLab Disable Comments

CRUDLab Disable Comments

crudlab-disable-comments

A
85

CRUDLab Disable Comments plugin allows you to disable comments for any page or post or for whole site.

700 No CVEs
Comments Shield – Disable Comments & Stop Spam, Bulk Delete & Remove Comments

Comments Shield – Disable Comments & Stop Spam, Bulk Delete & Remove Comments

comments-shield

A
100

Delete, disable, and clean all comments in one click. Easily manage, bulk delete, or completely disable comments across your entire WordPress site.

40 No CVEs
Habibur Comment Blocker

Habibur Comment Blocker

habibur-comment-blocker

A
100

Effortlessly disable comments and pingbacks sitewide to improve performance and security.

0 No CVEs
Developer Profile

Comment Cleaner — Bulk Delete & Disable Comments Developer Profile

royalnavneet

4 plugins · 20K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Comment Cleaner — Bulk Delete & Disable Comments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/delete-all-comments-of-website/css/nav-comments-admin.css/wp-content/plugins/delete-all-comments-of-website/js/nav-comments-admin.js
Script Paths
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.jshttps://cdn.jsdelivr.net/npm/sweetalert2@11.0.19/dist/sweetalert2.all.min.js
Version Parameters
nav-comments-admin?ver=

HTML / DOM Fingerprints

Data Attributes
data-nav_action
JS Globals
navCommentsSettings
FAQ

Frequently Asked Questions about Comment Cleaner — Bulk Delete & Disable Comments