Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Security & Risk Analysis

wordpress.org/plugins/disable-comments

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M active installs · v2.6.2 · PHP 5.6+ · WP 5.0+ · Updated Jan 20, 2026
delete-comments · disable-comments · remove-comments · spam-protection · stop-spam
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 1, 2014
Safety Verdict

Is Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Safe to Use in 2026?

Generally Safe

Score 99/100

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 1, 2014 · Updated 2mo ago
Risk Assessment

The disable-comments plugin v2.6.2 generally exhibits good security practices. The static analysis shows a well-protected attack surface: all identified AJAX handlers are protected, and there are no unprotected REST API routes, shortcodes, or cron events. The code also uses prepared statements for a high percentage of SQL queries and properly escapes most outputs. The absence of dangerous functions and file operations further contributes to a positive security posture.

However, a notable concern is the presence of one flow with an unsanitized path, even though it did not register as a critical or high severity issue. The plugin's vulnerability history, while dated, includes a past high-severity Cross-Site Request Forgery (CSRF) vulnerability. The last vulnerability dates to 2014 and was patched in 1.0.4, so no known CVE remains unpatched; the age of that history still suggests a potential for older, unaddressed issues or a need for more frequent security audits. Despite the dated history, the presence of a past high-severity CSRF vulnerability warrants caution.

In conclusion, the plugin is reasonably secure due to its robust implementation of fundamental security checks and input sanitization, but the historical CSRF vulnerability and the single unsanitized path flow suggest areas for potential improvement and vigilant monitoring.

Key Concerns

  • Flow with unsanitized path
  • Past high severity vulnerability (2014)
Vulnerabilities: 1

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Security Vulnerabilities

CVEs by Year

1 CVE in 2014

Severity Breakdown

High: 1

1 total CVE

CVE-2014-2550 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery

Aug 1, 2014 · Patched in 1.0.4 (3462d)
Code Analysis
Analyzed Mar 16, 2026

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (32 prepared)
Unescaped Output: 4 (223 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

82% prepared · 39 total queries

Output Escaping

98% escaped · 227 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
send_data (includes\class-plugin-usage-tracker.php:455)
Attack Surface

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

auth wp_ajax_disable_comments_save_settings (disable-comments.php:49)
auth wp_ajax_disable_comments_delete_comments (disable-comments.php:50)
auth wp_ajax_get_sub_sites (disable-comments.php:51)

WordPress Hooks (47)

action init (disable-comments.php:55)
action plugins_loaded (disable-comments.php:111)
action wp_loaded (disable-comments.php:112)
filter debug_information (disable-comments.php:115)
action widgets_init (disable-comments.php:335)
filter wp_headers (disable-comments.php:336)
action template_redirect (disable-comments.php:337)
action template_redirect (disable-comments.php:340)
action admin_init (disable-comments.php:341)
filter rest_endpoints (disable-comments.php:344)
filter rest_pre_dispatch (disable-comments.php:345)
filter rest_comment_query (disable-comments.php:346)
filter xmlrpc_methods (disable-comments.php:351)
filter rest_endpoints (disable-comments.php:355)
filter rest_pre_insert_comment (disable-comments.php:356)
filter rest_pre_dispatch (disable-comments.php:357)
filter rest_comment_query (disable-comments.php:358)
action wp_loaded (disable-comments.php:362)
action enqueue_block_editor_assets (disable-comments.php:364)
action admin_enqueue_scripts (disable-comments.php:366)
filter comment_status_links (disable-comments.php:369)
action all_admin_notices (disable-comments.php:398)
filter comments_array (disable-comments.php:402)
filter comments_open (disable-comments.php:403)
filter pings_open (disable-comments.php:404)
filter get_comments_number (disable-comments.php:405)
action all_admin_notices (disable-comments.php:410)
action network_admin_menu (disable-comments.php:412)
action network_admin_menu (disable-comments.php:413)
filter network_admin_plugin_action_links (disable-comments.php:414)
action admin_menu (disable-comments.php:416)
action admin_menu (disable-comments.php:417)
filter plugin_action_links (disable-comments.php:418)
action admin_notices (disable-comments.php:423)
filter plugin_row_meta (disable-comments.php:424)
action admin_menu (disable-comments.php:427)
action admin_print_styles-index.php (disable-comments.php:428)
action admin_print_styles-profile.php (disable-comments.php:429)
action wp_dashboard_setup (disable-comments.php:430)
filter pre_option_default_pingback_flag (disable-comments.php:431)
action template_redirect (disable-comments.php:436)
filter feed_links_show_comments_feed (disable-comments.php:439)
filter comments_template (disable-comments.php:466)
action admin_bar_menu (disable-comments.php:690)
filter show_recent_comments_widget_style (disable-comments.php:982)
action disable_comments_notice (includes\class-plugin-usage-tracker.php:163)
action admin_footer-plugins.php (includes\class-plugin-usage-tracker.php:168)
Maintenance & Trust

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 20, 2026
PHP min version: 5.6
Downloads: 31.7M

Community Trust

Rating: 94/100
Number of ratings: 276
Active installs: 1.0M
Developer Profile

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 163 days
Detection Fingerprints

How We Detect Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/disable-comments/assets/css/admin.css
/wp-content/plugins/disable-comments/assets/js/admin.js
/wp-content/plugins/disable-comments/assets/css/disable-comments.css
/wp-content/plugins/disable-comments/assets/js/disable-comments.js
/wp-content/plugins/disable-comments/assets/js/disable-comments-admin.js
/wp-content/plugins/disable-comments/assets/js/notice.js

Script Paths
/wp-content/plugins/disable-comments/assets/js/admin.js
/wp-content/plugins/disable-comments/assets/js/disable-comments.js
/wp-content/plugins/disable-comments/assets/js/disable-comments-admin.js
/wp-content/plugins/disable-comments/assets/js/notice.js

Version Parameters
/wp-content/plugins/disable-comments/assets/css/admin.css?ver=
/wp-content/plugins/disable-comments/assets/js/admin.js?ver=
/wp-content/plugins/disable-comments/assets/css/disable-comments.css?ver=
/wp-content/plugins/disable-comments/assets/js/disable-comments.js?ver=
/wp-content/plugins/disable-comments/assets/js/disable-comments-admin.js?ver=
/wp-content/plugins/disable-comments/assets/js/notice.js?ver=

HTML / DOM Fingerprints

CSS Classes
disable-comments-settings-wrap
disable-comments-notice

HTML Comments
<!-- DC Settings -->
<!-- Disable Comments Admin Notice -->

Data Attributes
data-plugin-slug="disable_comments_settings"
data-disable-comments-nonce

JS Globals
window.disable_comments_settings
window.disable_comments_ajax_object

REST Endpoints
/wp-json/disable-comments/v1/settings
/wp-json/disable-comments/v1/delete-comments
FAQ

Frequently Asked Questions about Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]