When you have a large site, maintenance can be a hassle. You might have multiple authors and thousands of comments to sift through, on top of all the regular work like updating plugins, etc. One solution that many organizations take, is to outsource the comment moderation. Of all the possibly risky areas of a site, comment moderation would appear to require the least trust.
The Problem with Low-Trust Comment Moderation in WordPress
However, this simple requirement is complicated by WordPress’ weird system of linking comment moderation permissions with editing permissions. According to the documentation, you can only moderate comments if you can edit those posts. I’m sure there’s a good reason for this design, but I can’t think of it at the moment!
Unlike comment moderation, allowing the editing of posts requires a much higher level of trust. Someone can insert spam links if they choose to abuse the trust. Or worse – insert harmful JavaScript and introduce malware. It’s no surprise that WordPress admins control the post editing feature very closely. You can’t let just anyone modify content on the site at will.
But given that comment moderation requires low trust, but post editing requires a high-trust environment, how can we reconcile the two? How do we allow someone to have ONLY the ability to moderate comments without giving them the ability to edit posts?
And that’s were a new plugin comes along.
Try it Yourself – Remove the “Moderation Permission” and see!
You can check for yourself, the most egregious demonstration of this curious relationship. Use a plugin like “User Role Editor” and take out the “moderate” permission from any user that already has the “Edit post” permission. After saving your changes, log in as that user and see if you can still moderate comments. The answer is yes! So the real permission here is the editing capability. If you can edit posts, you can moderate comments. If you don’t have the permission to edit posts, you can forget about moderation.
It’s unfortunate, but for some website owners, this is enough to turn them off WordPress comments entirely. So they use external 3rd party comment systems like Disqus, which comes with its own share of problems. So we need a better solution.
Comment Moderation Role Plugin
I stumbled upon this plugin earlier last week. It allows you to assign moderator privileges to a WordPress user without allowing them to edit a post. It’s perfect if you want to outsource the comment moderation to someone to whom you don’t want to give access to your posts. It turns what would have been a high-risk solution into something with much lower stakes.
You can download and install the comment moderation role plugin from the WordPress repository. Once installed, it creates a new role called “WPB Comment Moderator”. You just need to assign this role to an existing user, and they’ll be able to moderate comments without any further ado – even if you don’t let them edit posts. So assign the role, just open the user’s profile in the editor and make the change and shown here:
As you can see, you just need to select the role from the drop-down box and you’re done! After changing the selection, scroll down to save your changes. Now the next time the user in question logs into the WordPress dashboard, they’ll see that they have the new “Comments” menu item on the left-hand side as shown here:
It’s that simple! Now you can hire someone and give them comment moderation permissions straight away without worrying about compromising your site security!
Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two-decades experience in Internet Entrepreneurship.
Leave a Reply