Disable HTML in comments
What this does is it converts single quotes, double quotes, the less than symbol (<), the greater than symbol (>), and ampersands (&) to HTML entities whenever a comment is posted, so that they are displayed as-is when someone views the comment.
/** * Snippet Name: Disable HTML in comments * Snippet URL: https://wpcustoms.net/snippets/disable-html-comments/ */ // This will occur when the comment is posted function plc_comment_post( $incoming_comment ) { // convert everything in a comment to display literally $incoming_comment['comment_content'] = htmlspecialchars($incoming_comment['comment_content']); // the one exception is single quotes, which cannot be #039; because WordPress marks it as spam $incoming_comment['comment_content'] = str_replace( "'", ''', $incoming_comment['comment_content'] ); return( $incoming_comment ); } // This will occur before a comment is displayed function plc_comment_display( $comment_to_display ) { // Put the single quotes back in $comment_to_display = str_replace( ''', "'", $comment_to_display ); return $comment_to_display; } add_filter( 'preprocess_comment', 'plc_comment_post', '', 1 ); add_filter( 'comment_text', 'plc_comment_display', '', 1 ); add_filter( 'comment_text_rss', 'plc_comment_display', '', 1 ); add_filter( 'comment_excerpt', 'plc_comment_display', '', 1 ); // This stops WordPress from trying to automatically make hyperlinks on text: remove_filter( 'comment_text', 'make_clickable', 9 );