WP-Safety

Limit Comments and Word Count Security & Risk Analysis

wordpress.org/plugins/limit-comments-and-word-count

This plugin will limit the number of comments and the word count each user can add to a WordPress blog post, configurable by user role and time.

50 active installs v1.2.4 PHP 7.4.33+ WP 4.6+ Updated Unknown
comment-limitscomment-word-limitcomments-per-useruser-comment-limitword-limits
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Limit Comments and Word Count Safe to Use in 2026?

Generally Safe

Score 100/100

Limit Comments and Word Count has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'limit-comments-and-word-count' plugin, version 1.2.4, exhibits a mixed security posture. While it demonstrates good practices in avoiding dangerous functions, file operations, and external HTTP requests, and a decent percentage of its SQL queries use prepared statements, significant concerns arise from its attack surface. The presence of 5 AJAX handlers without authentication checks presents a notable risk, as these can be exploited by unauthenticated users to trigger unintended actions. The complete lack of nonce checks further exacerbates this risk, making these AJAX endpoints highly vulnerable to Cross-Site Request Forgery (CSRF) attacks. The plugin's history of zero known vulnerabilities is a positive sign, suggesting a generally stable codebase and diligent maintenance. However, this does not negate the immediate risks identified in the static analysis.

Key Concerns

  • Unprotected AJAX handlers
  • Missing nonce checks on AJAX handlers
  • SQL queries not using prepared statements (40% of 5)
  • Improperly escaped output (35% of 63)
Vulnerabilities
None known

Limit Comments and Word Count Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Limit Comments and Word Count Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
3 prepared
Unescaped Output
22
41 escaped
Nonce Checks
0
Capability Checks
8
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

60% prepared5 total queries

Output Escaping

65% escaped63 total outputs
Attack Surface
5 unprotected

Limit Comments and Word Count Attack Surface

Entry Points7
Unprotected5

AJAX Handlers 5

authwp_ajax_lpwc_cancel_notificationlimit-comments-and-word-count.php:100
noprivwp_ajax_lpwc_cancel_notificationlimit-comments-and-word-count.php:101
authwp_ajax_lpwc_review_clickedlimit-comments-and-word-count.php:103
noprivwp_ajax_lpwc_review_clickedlimit-comments-and-word-count.php:104
authwp_ajax_lpwc_close_feature_notificationlimit-comments-and-word-count.php:106

Shortcodes 2

[IN_LIMIT] limit-comments-and-word-count.php:55
[in_limit] limit-comments-and-word-count.php:56
WordPress Hooks 28
actionadmin_initlimit-comments-and-word-count.php:65
actionadmin_initlimit-comments-and-word-count.php:69
filterplugin_row_metalimit-comments-and-word-count.php:72
actionadmin_headlimit-comments-and-word-count.php:75
actionadmin_headlimit-comments-and-word-count.php:76
actionadmin_menulimit-comments-and-word-count.php:77
actionadmin_initlimit-comments-and-word-count.php:79
actionadmin_initlimit-comments-and-word-count.php:80
actionadmin_print_scriptslimit-comments-and-word-count.php:81
actionadmin_print_styleslimit-comments-and-word-count.php:82
actionwp_enqueue_scriptslimit-comments-and-word-count.php:84
filterwp_insert_post_empty_contentlimit-comments-and-word-count.php:86
filtercomment_form_field_commentlimit-comments-and-word-count.php:87
filterpreprocess_commentlimit-comments-and-word-count.php:88
filterplugin_row_metalimit-comments-and-word-count.php:90
filtercomment_form_submit_buttonlimit-comments-and-word-count.php:91
actioninitlimit-comments-and-word-count.php:92
filtercomment_flood_filterlimit-comments-and-word-count.php:94
filterpreprocess_commentlimit-comments-and-word-count.php:97
actioncomment_postlimit-comments-and-word-count.php:98
actionadmin_noticeslimit-comments-and-word-count.php:109
actionadd_meta_boxeslimit-comments-and-word-count.php:112
actionsave_postlimit-comments-and-word-count.php:114
filtercomments_openlimit-comments-and-word-count.php:116
actionadmin_footerlimit-comments-and-word-count.php:436
actionadmin_noticeslimit-comments-and-word-count.php:1452
actionlpwc_add_notificationlimit-comments-and-word-count.php:1630
actionwp_footerlimit-comments-and-word-count.php:1631
Maintenance & Trust

Limit Comments and Word Count Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0
Last updatedUnknown
PHP min version7.4.33
Downloads6K

Community Trust

Rating88/100
Number of ratings9
Active installs50
Alternatives

Limit Comments and Word Count Alternatives

No alternatives data available yet.

Developer Profile

Limit Comments and Word Count Developer Profile

artiosmedia

8 plugins · 5K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
14 days
View full developer profile
Detection Fingerprints

How We Detect Limit Comments and Word Count

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/limit-comments-and-word-count/js/limit-comments-admin.js/wp-content/plugins/limit-comments-and-word-count/css/limit-comments-admin.css
Script Paths
/wp-content/plugins/limit-comments-and-word-count/js/limit-comments-admin.js
Version Parameters
limit-comments-and-word-count/js/limit-comments-admin.js?ver=limit-comments-and-word-count/css/limit-comments-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
lpwc_noticelpwc_content
HTML Comments
<!-- Comment restrictions meta box --><!-- End Comment restrictions meta box -->
Data Attributes
data-lpwc-id
JS Globals
lpwc_admin_obj
REST Endpoints
/wp-json/lpwc/v1/settings
Shortcode Output
[IN_LIMIT][in_limit]
FAQ

Frequently Asked Questions about Limit Comments and Word Count