Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Security & Risk Analysis

wordpress.org/plugins/yakura-commenti

Disable and remove comments site-wide or per post type. Control REST API, feeds, XML-RPC, admin UI, and avatars. Multisite ready.

0 active installs · v1.0.4 · PHP 7.4+ · WP 5.9+ · Updated Mar 30, 2026
Tags: delete-comments, disable-comments, hide-comments, remove-comments, stop-spam
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Safe to Use in 2026?

Generally Safe

Score 100/100

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "yakura-commenti" v1.0.0 plugin appears to have a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history is a significant positive indicator. The code demonstrates good practices with a high percentage of properly escaped output and a substantial number of nonce and capability checks. The lack of external HTTP requests and bundled libraries further reduces potential attack vectors.

However, a critical area of concern lies within the taint analysis, specifically the presence of four "flows with unsanitized paths." While no critical or high-severity taint flows were identified, unsanitized paths can often lead to path traversal or file inclusion vulnerabilities if not handled correctly by the application logic. Additionally, the static analysis reveals that 50% of SQL queries are not using prepared statements (3 out of 6). This practice, while not leading to identified vulnerabilities in this version, represents a significant risk of SQL injection if input is not meticulously sanitized. The plugin's entry points consist solely of AJAX handlers; all are reported as having authorization checks, but any oversight in these checks could expose the handlers.

In conclusion, "yakura-commenti" v1.0.0 exhibits many good security practices, particularly in output escaping and the lack of historical vulnerabilities. The primary weaknesses stem from the presence of unsanitized paths in taint flows and the use of raw SQL queries. Addressing these specific issues would significantly improve the plugin's overall security.

Key Concerns

  • Unsanitized paths in taint flows
  • SQL queries not using prepared statements
Vulnerabilities
None known

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Release Timeline

v1.0.4 (Current)
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 · 2 prepared
Unescaped Output: 3 · 100 escaped
Nonce Checks: 9
Capability Checks: 15
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

97% escaped · 103 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
ajax_save (src\Admin\SettingsPage.php:67)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 8

auth · wp_ajax_yakura_commenti_save_settings · src\Admin\SettingsPage.php:30
auth · wp_ajax_yakura_commenti_save_wizard · src\Admin\SetupWizard.php:31
auth · wp_ajax_yakura_commenti_skip_wizard · src\Admin\SetupWizard.php:32
auth · wp_ajax_yakura_commenti_delete_comments · src\Admin\ToolsPage.php:27
auth · wp_ajax_yakura_commenti_clear_activity_log · src\Features\ActivityLog.php:24
auth · wp_ajax_yakura_commenti_export_settings · src\Features\ImportExport.php:24
auth · wp_ajax_yakura_commenti_import_settings · src\Features\ImportExport.php:25
auth · wp_ajax_yakura_commenti_save_network_settings · src\Multisite\NetworkAdmin.php:30
WordPress Hooks 17
action · admin_enqueue_scripts · src\Admin\Assets.php:15
action · enqueue_block_editor_assets · src\Admin\Assets.php:16
action · add_meta_boxes · src\Admin\MetaBox.php:27
action · save_post · src\Admin\MetaBox.php:28
action · admin_menu · src\Admin\SettingsPage.php:29
action · admin_menu · src\Admin\SetupWizard.php:29
action · admin_init · src\Admin\SetupWizard.php:30
action · admin_menu · src\Admin\ToolsPage.php:25
action · admin_head · src\Admin\ToolsPage.php:26
action · rest_api_init · src\API\SettingsEndpoint.php:34
action · yakura_commenti_settings_saved · src\Features\ActivityLog.php:21
action · yakura_commenti_comments_deleted · src\Features\ActivityLog.php:22
action · yakura_commenti_settings_imported · src\Features\ActivityLog.php:23
filter · pre_comment_approved · src\Features\CommentTypeManager.php:30
action · yakura_commenti_scheduled_check · src\Features\ScheduledDisable.php:24
action · network_admin_menu · src\Multisite\NetworkAdmin.php:29
action · plugins_loaded · yakura-commenti.php:57

Scheduled Events 1

yakura_commenti_scheduled_check
Maintenance & Trust

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 30, 2026
PHP min version: 7.4
Downloads: 322

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support] Developer Profile

Yakura

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support]

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yakura-commenti/assets/css/admin-settings.css
/wp-content/plugins/yakura-commenti/assets/js/admin-settings.js
/wp-content/plugins/yakura-commenti/assets/js/gutenberg-disable.js
Script Paths
/wp-content/plugins/yakura-commenti/assets/js/admin-settings.js
/wp-content/plugins/yakura-commenti/assets/js/gutenberg-disable.js
Version Parameters
yakura-commenti/assets/css/admin-settings.css?ver=
yakura-commenti/assets/js/admin-settings.js?ver=
yakura-commenti/assets/js/gutenberg-disable.js?ver=

HTML / DOM Fingerprints

CSS Classes
yakura-commenti-admin-settings
yakura-commenti-gutenberg-disable
Data Attributes
_yakura_commenti_override
JS Globals
yakuraCommentiAdmin
REST Endpoints
/yakura-commenti/v1/
FAQ

Frequently Asked Questions about Commenti – Disable & Remove Comments, Stop Spam [Multi-Site Support]