Remove All Comments Security & Risk Analysis
wordpress.org/plugins/remove-all-commentsThis plug-in will removed/Delete all comments from posts and pages.
Is Remove All Comments Safe to Use in 2026?
Generally Safe
Score 85/100Remove All Comments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'remove-all-comments' v3.1.1 plugin exhibits a mixed security posture. On one hand, the attack surface appears minimal with no identified AJAX handlers, REST API routes, shortcodes, or cron events, which is a strong positive. Furthermore, there are no recorded vulnerabilities in its history, suggesting a generally stable codebase. However, significant concerns arise from the static analysis. The plugin uses raw SQL queries without prepared statements, which is a common vector for SQL injection vulnerabilities. Additionally, a substantial portion of its output is not properly escaped, creating a risk of Cross-Site Scripting (XSS) attacks. The absence of capability checks and nonce checks, while not directly exploitable due to the zero attack surface, highlights a lack of robust security practices that could become a problem if the plugin's functionality were to expand or change in future versions.
Key Concerns
- Raw SQL queries without prepared statements
- Unescaped output
- Missing capability checks
- Missing nonce checks
Remove All Comments Security Vulnerabilities
Remove All Comments Code Analysis
SQL Query Safety
Output Escaping
Remove All Comments Attack Surface
WordPress Hooks 5
Maintenance & Trust
Remove All Comments Maintenance & Trust
Maintenance Signals
Community Trust
Remove All Comments Alternatives
![Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]](https://ps.w.org/disable-comments/assets/icon-128x128.png){kind=icon}
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]
disable-comments
Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.
Comments Shield – Disable Comments & Stop Spam, Bulk Delete & Remove Comments
comments-shield
Delete, disable, and clean all comments in one click. Easily manage, bulk delete, or completely disable comments across your entire WordPress site.
Habibur Comment Blocker
habibur-comment-blocker
Effortlessly disable comments and pingbacks sitewide to improve performance and security.
JavaTop No Comments
javatop-no-comments
Disables comments site-wide with a single click. No configuration required.
Yakura Commenti – Disable & Remove Comments
yakura-commenti
Disable and remove comments site-wide or per post type. Control REST API, feeds, XML-RPC, admin UI, and avatars. Multisite ready
Remove All Comments Developer Profile
3 plugins · 320 total installs
How We Detect Remove All Comments
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/remove-all-comments/images/icon.pngHTML / DOM Fingerprints
wrapform-tableupdate-nagwp-post-imagedata-captiondata-srcdata-large-imagedata-large-image-widthdata-large-image-height<h2>Remove All Comments Plugin Settings</h2><select name="remove_all_is_all"><select name="remove_all_is_page"><select name="remove_all_is_post">