[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fF0vLHZUDqRZVMN07WmwVGcQLr97rWgYDp4ipVQ-igVU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":144,"fingerprints":222},"incomment-referrer","InComment","0.4","Rhys Wynne","https:\u002F\u002Fprofiles.wordpress.org\u002Frhyswynne\u002F","\u003Cp>This plugin quite simply lets you know where the users entered your site when they leave a comment. A lot of people who joined the do-follow movement are listed on sites which are a target for comment spammers. To those who suffer comment spam can now find out the page they come from, and block accordingly.\u003C\u002Fp>\n\u003Cp>This plugin uses a cookie to track the commenter, so if the user hits the first page first, they will still be tracked.\u003C\u002Fp>\n","Adds an extra \"referral\" note to the bottom of comment forms, so you could see where people come from comment. Useful for finding resources  &hellip;",10,2241,0,"2011-01-10T21:32:00.000Z","3.0.5","2.8","",[19,20,21,22,23],"comment","cookie","dofollow","referral","spam","http:\u002F\u002Fwinwar.co.uk\u002Fplugins\u002Fincomment-comment-referrer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fincomment-referrer.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"rhyswynne",13,7020,93,476,74,"2026-04-04T13:44:01.050Z",[39,59,82,99,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":17,"tags":54,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cookies-for-comments","Cookies for Comments","0.5.5","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>This plugin adds a stylesheet or image to your blog’s html source code. When a browser loads that stylesheet or image a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam.\u003Cbr \u002F>\nThe plugin can also check how long it took a user to enter a comment. If it’s too fast it’s probably a spam bot. How fast can a legitimate user enter their name, email, web address and enter a well thought out comment?\u003C\u002Fp>\n\u003Cp>For the adventurous, add these lines to your .htaccess and it will block spam attempts before they ever get to WordPress. Replace the Xs with the cookie that was set in your browser after viewing your blog. You can also find the cookie value by examining the page source code and looking for “css.php?k=XXXXXXXXXXXXXXXXXXX”. Make sure the lines go above the standard WordPress rules.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$\n    RewriteRule ^wp-comments-post.php - [F,L]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If you use WordPress MU, replace wp-comments-post.php above with wp-signup.php to block spam signups.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    RewriteCond %{HTTP_COOKIE} !^.*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*$\n    RewriteRule ^wp-signup.php - [F,L]\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Sets a cookie on a random URL that is then checked when a comment is posted. If the cookie is missing the comment is marked as spam.",20000,106867,98,18,"2019-06-04T16:47:00.000Z","5.2.24","3.1",[55,56,23],"comments","cookies","http:\u002F\u002Focaoimh.ie\u002Fcookies-for-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookies-for-comments.0.5.5.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":17,"tags":74,"homepage":80,"download_link":81,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-referrer-spam-blacklist","WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google\u002FMatomo) Analytics)","1.3.0","Umbrovskis.com","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandinsh\u002F","\u003Cp>List of spammers in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-referrer-spam-blacklist\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No need for configuration! Plugin in background redirects referral spammer to blank page ( about:blank ). Redirect link can be altered via filter \u003Ccode>wp_referralblock_redirect_uri\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>NO auto update, as we see that as possible as security hole. We do not wan’t Your site to get hacked.\u003C\u002Fp>\n\u003Cp>Plugin is for sites that can’t edit their \u003Ccode>.htaccess\u003C\u002Fcode> or configure NGINX or Apache servers.\u003C\u002Fp>\n\u003Cp>Via \u003Ca href=\"http:\u002F\u002Fgo.mediabox.lv\u002F1LbSuKq\" rel=\"nofollow ugc\">my LinkedIN post\u003C\u002Fa>: Few months ago I started to collect referral spam pages in private file un bitbucket.org. Problem was that I did not know all spammers. Then, few weeks ago, I found that Matomo (Open source analytics) started their own “project”, and they did the same thing I did – collected referral spam sites to block them from Your website.\u003C\u002Fp>\n\u003Cp>On my own server I do that at server level, but some of my clients have hosting, where You can not edit server settings. This week I came up with another solution – WordPress plugin “WP referrer spam blacklist”. I will update list every week from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmatomo-org\u002Freferrer-spam-blacklist\" rel=\"nofollow ugc\">Matomo’s community-contributed list of spammers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If You have WordPress site and no knowledge about or access to server settings, I made that for You!\u003C\u002Fp>\n\u003Cp>From \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FReferer_spam\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Referrer spam (also known as log spam or referrer \nbombing) is a kind of spamdexing (spamming aimed \nat search engines). The technique involves making \nrepeated web site requests using a fake referer URL \nto the site the spammer wishes to advertise. Sites that \npublish their access logs, including referer statistics, \nwill then inadvertently link back to the spammer's site. \nThese links will be indexed by search engines \nas they crawl the access logs. \n\nThis benefits the spammer because the free link improves \nthe spammer site's search engine ranking owing \nto link-counting algorithms that search engines use.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Other plugins by author: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fitempropwp\u002F\" rel=\"ugc\">itemprop WP for SERP\u002FSEO Rich snippets\u003C\u002Fa> – Add schema.org itemprop code to the (custom) post content for search engines and bots for better SERP results\u003C\u002Fp>\n","WordPress plugin to fight with 2040+ referrer spammers (like semalt, buttons-for-website and many more).",700,19667,86,3,"2020-12-27T20:57:00.000Z","5.6.17","4.0",[75,76,77,78,79],"anti-spam","antispam","comment-moderation","comment-spam","referral-spam","https:\u002F\u002Fsimplemediacode.com\u002F?utm_source=WPplugin%3Awp-referrer-spam-blacklist&utm_medium=wordpressplugin&utm_campaign=FreeWordPressPlugins&utm_content=v-1.2.201801281","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-referrer-spam-blacklist.1.3.0.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":13,"downloaded":90,"rating":13,"num_ratings":13,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":17,"tags":94,"homepage":97,"download_link":98,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"comment-refs","CommentRefs","1.0.0","Kimsea Sok","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasicblogtalk\u002F","\u003Cp>CommentRef was inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcommentluv\u002F\" rel=\"ugc\">CommentLuv\u003C\u002Fa> after it leaked of update.\u003C\u002Fp>\n\u003Cp>The plugin provides awesome features that help with building bigger blogging community, engage more reading, and generating more leads to your blog. CommentRef adds a link to a recent post of the commentators to encourage more reading and commenting. It is brillant ways to provides more useful resources on your blog.\u003C\u002Fp>\n\u003Cp>Major features in CommentRefs includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add a link of commentator’s recent post underneath the comment content\u003C\u002Fli>\n\u003Cli>Share to get 10 post choice\u003C\u002Fli>\n\u003Cli>Configure dofollow or nofollow\u003C\u002Fli>\n\u003Cli>First comment redirect\u003C\u002Fli>\n\u003Cli>Low quality comment filtering\u003C\u002Fli>\n\u003Cli>CommentLuv migration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>CommentRefs is always free to everyone.\u003Cbr \u002F>\nPlease donate the author to keep the plugin update\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.me\u002Fkimofficial\" rel=\"nofollow ugc\">donate author\u003C\u002Fa>\u003C\u002Fp>\n","Build bigger community and inspire more reading by reward the commentator a link to their recent post.",2814,"2018-09-11T16:45:00.000Z","4.9.29","3.5",[95,96,55,23],"commentreferral","commentrefs","https:\u002F\u002Fgithub.com\u002Fkimseasok\u002FCommentRefs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-refs.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":117,"download_link":118,"security_score":119,"vuln_count":120,"unpatched_count":13,"last_vuln_date":121,"fetched_at":28},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,94,1173,"2025-11-12T16:31:00.000Z","6.9.4","5.8","7.2",[75,76,55,116,23],"contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":109,"num_ratings":132,"last_updated":133,"tested_up_to":112,"requires_at_least":134,"requires_php":102,"tags":135,"homepage":140,"download_link":141,"security_score":119,"vuln_count":142,"unpatched_count":13,"last_vuln_date":143,"fetched_at":28},"disable-comments","Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]","2.6.2","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Ch4>Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]\u003C\u002Fh4>\n\u003Cp>Enable\u002FDisable comments on any WordPress content (Pages, Posts, or Media) to stop spammers. WP-CLI, XML-RPC & REST-API support to stop spam comments.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">More About Plugin\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> ◼️ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEpuYs9Nf_nY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Take Global Control Over Your WordPress Site\u003C\u002Fh3>\n\u003Cp>Override all comments-related settings throughout your website & manage your comments just the way you want.\u003C\u002Fp>\n\u003Ch3>Disable Comments On Posts, Pages & Media\u003C\u002Fh3>\n\u003Cp>Choose which posts, pages or media should allow comments from site visitors & configure Disable Comments accordingly\u003C\u002Fp>\n\u003Ch3>Disallow Comments On Multi-Site Network\u003C\u002Fh3>\n\u003Cp>Have multiple websites? Get rid of irrelevant comments on the entire network using Disable Comments Plugin\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJ9AteKzQpPs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>KEY FEATURES OF DISABLE COMMENTS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All “Comments” links are hidden from the Admin Menu and Admin Bar.\u003C\u002Fli>\n\u003Cli>All comment-related sections (“Recent Comments”, “Discussion” etc.) are hidden from the WordPress Dashboard.\u003C\u002Fli>\n\u003Cli>All comment-related widgets are disabled (so your theme cannot use them).\u003C\u002Fli>\n\u003Cli>The “Discussion” settings page is hidden.\u003C\u002Fli>\n\u003Cli>All comment RSS\u002FAtom feeds are disabled (and requests for these will be redirected to the parent post).\u003C\u002Fli>\n\u003Cli>The X-Pingback HTTP header is removed from all pages.\u003C\u002Fli>\n\u003Cli>Outgoing pingbacks are disabled.\u003C\u002Fli>\n\u003Cli>Stop spam comments entirely from the site with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Delete comments by type.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Disable comments via \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-xml-rpc\u002F\" rel=\"nofollow ugc\">XML-RPC\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-disable-comments-made-via-rest-api\u002F\" rel=\"nofollow ugc\">REST-API\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Fully Multi-site Network supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Manage multiple website network-specific subsites or entire network comments in advance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[New]\u003C\u002Fstrong> Exclude Disable Comments Settings based on user roles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFBq3-W-p-DM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Please delete any existing comments on your site \u003Cstrong>before applying this setting\u003C\u002Fstrong>, otherwise (depending on your theme) those comments may still be displayed to visitors. You can use the \u003Cstrong>Delete Comments tool\u003C\u002Fstrong> to delete any existing comments on your site.\u003C\u002Fp>\n\u003Ch3>🌟 WHAT’S NEW WITH DISABLE COMMENTS 2.0\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>AMAZING USER FRIENDLY INTERFACE\u003C\u002Fstrong>\u003Cbr \u002F>\nEasily configure your comment-related settings with an amazing and attractive app-like user interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WP-CLI COMMANDS TO DISABLE COMMENTS\u003C\u002Fstrong>\u003Cbr \u002F>\nUse \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs\u002Fhow-to-use-disable-comments-plugin-with-wp-cli-command-line\u002F\" rel=\"nofollow ugc\">WP-CLI\u003C\u002Fa> control for comment-related settings to disable comments on posts, pages, attachments or everywhere on your website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fmzi5uhKB9Zk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>GET STARTED WITH QUICK SETUP WIZARD\u003C\u002Fstrong>\u003Cbr \u002F>\nUse the quick setup wizard after activating the plugin to instantly configure comment-related settings for your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS ON DOCS\u003C\u002Fstrong>\u003Cbr \u002F>\nInstantly disable comments on your documentation pages or WordPress knowledge base with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ft7BQ-7A4y4s?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DELETE CERTAIN COMMENT TYPE(S)\u003C\u002Fstrong>\u003Cbr \u002F>\nPermanently delete certain comment types from your WordPress website including WooCommerce product reviews as well as generic comments.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FIzm_ihC-z10?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DISABLE COMMENTS VIA XML-RPC And REST API\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock any comments made on your WordPress website via XML-RPC specification and REST API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important note\u003C\u002Fstrong>: Use this plugin if you don’t want comments at all on your site (or on certain post types). Don’t use it if you want to selectively disable comments on individual posts – WordPress lets you do that anyway. If you don’t know how to disable comments on individual posts, there are instructions in \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">the FAQ\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you come across any bugs or have suggestions, please use the plugin support forum. I can’t fix it if I don’t know it’s broken! Please check the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fstrong> for common issues.\u003C\u002Fp>\n\u003Cp>Want to contribute? Here’s the \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments\" rel=\"nofollow ugc\">GitHub development repository\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWPDevelopers\u002Fdisable-comments-mu\" rel=\"nofollow ugc\">must-use version\u003C\u002Fa> of the plugin is also available.\u003C\u002Fp>\n\u003Ch3>Advanced Configuration\u003C\u002Fh3>\n\u003Cp>Some of the plugin’s behavior can be modified by site administrators and plugin\u002Ftheme developers through code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_REMOVE_COMMENTS_TEMPLATE\u003C\u002Fcode> and set it to \u003Ccode>false\u003C\u002Fcode> to prevent the plugin from replacing the theme’s comment template with an empty one.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Define \u003Ccode>DISABLE_COMMENTS_ALLOW_DISCUSSION_SETTINGS\u003C\u002Fcode> and set it to \u003Ccode>true\u003C\u002Fcode> to prevent the plugin from hiding the Discussion settings page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These definitions can be made either in your main \u003Ccode>wp-config.php\u003C\u002Fcode> or in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>THIS PLUGIN IS NOW MAINTAINED BY THE TEAM\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💙 LOVED DISABLE COMMENTS?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>For documentation and tutorials go to our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fdocs-category\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For video tutorials go to our \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=J9AteKzQpPs&list=PLWHp1xKHCfxD2_xOIR5dMAGf3wd4hv-8K\" rel=\"nofollow ugc\">YouTube Playlist\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">Facebook Group\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you love Disable Comments, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-comments\u002Freviews\u002F?filter=5\" rel=\"ugc\">rate us on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For more information about features, FAQs, and documentation, check out our website at \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fplugins\u002Fdisable-comments\u002F\" rel=\"nofollow ugc\">Disable Comments\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔥 GET FREEBIES FOR YOUR WORDPRESS SITE\u003C\u002Fh3>\n\u003Cp>Consider checking out our other WordPress solutions & boost your WordPress website:\u003C\u002Fp>\n\u003Cp>🔝 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fessential-addons-for-elementor-lite\u002F\" rel=\"ugc\">Essential Addons For Elementor\u003C\u002Fa>: Most popular Elementor addons with 2 million+ happy users & 95+ widgets & ready blocks\u003C\u002Fp>\n\u003Cp>🔔 \u003Ca href=\"https:\u002F\u002Fnotificationx.com\u002F\" rel=\"nofollow ugc\">NotificationX\u003C\u002Fa> – Best Social Proof & FOMO Marketing Solution to increase conversion rates.\u003C\u002Fp>\n\u003Cp>🔗 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterlinks\u002F\" rel=\"ugc\">BetterLinks\u003C\u002Fa>: Latest best WordPress link management plugin for link shortening, tracking & analyzing.\u003C\u002Fp>\n\u003Cp>📄 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembedpress\u002F\" rel=\"ugc\">EmbedPress\u003C\u002Fa>: EmbedPress lets you embed anything including videos, images, posts, audio, maps and upload PDF, DOC, PPT etc.\u003C\u002Fp>\n\u003Cp>☁ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemplately\u002F\" rel=\"ugc\">Templately\u003C\u002Fa>: 6000+ Free templates library for Elementor & Gutenberg along with the cloud collaboration for WordPress.\u003C\u002Fp>\n\u003Cp>📚 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbetterdocs\u002F\" rel=\"ugc\">BetterDocs\u003C\u002Fa>: Best Documentation & Knowledge Base Plugin for WordPress reduce manual support tickets & improve user experience.\u003C\u002Fp>\n\u003Cp>⏰ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-scheduled-posts\u002F\" rel=\"ugc\">SchedulePress\u003C\u002Fa>: Advanced editorial calendar with WordPress Post Scheduling, Social Sharing, Missed scheduled alerts, and more.\u003C\u002Fp>\n\u003Cp>⚡ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fflexia\u002F\" rel=\"ugc\">Flexia\u003C\u002Fa>: Most lightweight, customizable & multi purpose theme for WordPress.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002F\" rel=\"nofollow ugc\">WPDeveloper\u003C\u002Fa> to learn more about how to do better in WordPress with \u003Ca href=\"https:\u002F\u002Fwpdeveloper.com\u002Fblog\" rel=\"nofollow ugc\">Help Tutorial, Tips & Tricks\u003C\u002Fa>.\u003C\u002Fp>\n","Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.",1000000,31676190,276,"2026-01-20T08:14:00.000Z","5.0",[136,123,137,138,139],"delete-comments","remove-comments","spam-protection","stop-spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-comments.2.6.2.zip",1,"2014-08-01 00:00:00",{"attackSurface":145,"codeSignals":169,"taintFlows":179,"riskAssessment":207,"analyzedAt":221},{"hooks":146,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":13,"unprotectedCount":13},[147,153,158,161],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","send_headers","incomment_check_for_cookie","incomment.php",22,{"type":154,"name":155,"callback":156,"priority":11,"file":151,"line":157},"filter","comment_notification_text","incomment_add_referrer_to_notification",23,{"type":154,"name":159,"callback":156,"priority":11,"file":151,"line":160},"comment_moderation_text",24,{"type":148,"name":162,"callback":163,"file":151,"line":164},"comment_form","incomment_add_referrers",25,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":172},[],{"escaped":13,"rawEcho":142,"locations":174},[175],{"file":151,"line":176,"context":177},56,"raw output",[],[180,198],{"entryPoint":181,"graph":182,"unsanitizedCount":142,"severity":197},"incomment_add_referrers (incomment.php:33)",{"nodes":183,"edges":194},[184,189],{"id":185,"type":186,"label":187,"file":151,"line":188},"n0","source","$_COOKIE",52,{"id":190,"type":191,"label":192,"file":151,"line":176,"wp_function":193},"n1","sink","echo() [XSS]","echo",[195],{"from":185,"to":190,"sanitized":196},false,"medium",{"entryPoint":199,"graph":200,"unsanitizedCount":142,"severity":206},"\u003Cincomment> (incomment.php:0)",{"nodes":201,"edges":204},[202,203],{"id":185,"type":186,"label":187,"file":151,"line":188},{"id":190,"type":191,"label":192,"file":151,"line":176,"wp_function":193},[205],{"from":185,"to":190,"sanitized":196},"low",{"summary":208,"deductions":209},"The \"incomment-referrer\" plugin version 0.4 presents a mixed security posture. On the positive side, it exhibits no known CVEs and has a minimal attack surface, with no reported AJAX handlers, REST API routes, shortcodes, or cron events. The plugin also avoids dangerous functions and external HTTP requests, and all SQL queries are prepared, which are strong security practices. However, there are significant concerns regarding output escaping and taint analysis. Notably, 100% of outputs are not properly escaped, posing a risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis revealed two flows with unsanitized paths, indicating potential avenues for malicious data injection or manipulation, although these were not classified as critical or high severity. The lack of nonce and capability checks, while less critical in this instance due to the zero attack surface, highlights a broader pattern of insufficient input validation and authorization checks that could become problematic if the plugin's functionality were to expand.",[210,213,216,219],{"reason":211,"points":212},"Unescaped output",7,{"reason":214,"points":215},"Taint flows with unsanitized paths",8,{"reason":217,"points":218},"Missing nonce checks",5,{"reason":220,"points":218},"Missing capability checks","2026-03-17T01:30:05.818Z",{"wat":223,"direct":232},{"assetPaths":224,"generatorPatterns":227,"scriptPaths":228,"versionParams":229},[225,226],"\u002Fwp-content\u002Fplugins\u002Fincomment-referrer\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fincomment-referrer\u002Fscript.js",[],[226],[230,231],"incomment-referrer\u002Fstyle.css?ver=","incomment-referrer\u002Fscript.js?ver=",{"cssClasses":233,"htmlComments":234,"htmlAttributes":235,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":239},[],[],[236],"name='incomment_ref'",[],[],[240],"\u003Cinput type='hidden' name='incomment_ref' value='"]