WordPress.org

Français

Obtenir WordPress
WordPress.org

Plugin Directory

Comments Press Zone

Comments Press Zone

Par Avi Ezra
Télécharger

Description

Comments Press Zone transforms your WordPress comments into a modern, engaging discussion platform. Built for performance and accessibility, it seamlessly replaces the default comment system while preserving all your existing comments.

Key Features

Engagement Tools

  • Upvote and downvote comments
  • Social sharing (Facebook, Twitter/X, LinkedIn)
  • Threaded replies with configurable nesting depth
  • Confetti celebration on new comments
  • Post-comment sharing prompts

Design Customization

  • Three color modes: Light, Dark, and Theme Inherit
  • Styling options: Square, Rounded, or Pill borders
  • Adjustable padding: Wide, Standard, or Minimal
  • Configurable border thickness
  • Live preview in admin panel
  • Fully responsive for all devices

Powerful Moderation

  • Ban users permanently or temporarily
  • Mute users for specified periods
  • Issue warnings with custom messages
  • Full moderation audit log
  • User infraction history
  • Report system for community moderation
  • Comment editing and deletion

Security & Spam Protection

  • Google reCAPTCHA v3 integration
  • Comment rate limiting (throttling)
  • Banned words filter
  • External link blocking option

Performance

  • Optimized database queries
  • Optional Redis caching support
  • Optional Memcached support
  • Minimal frontend footprint

Accessibility

  • WCAG 2.1 AA compliant
  • Full keyboard navigation
  • Screen reader optimized
  • Focus indicators on all interactive elements
  • Respects prefers-reduced-motion

Perfect For

  • Community websites requiring robust moderation tools
  • Publications wanting engagement metrics and voting
  • Blogs needing customizable comment appearance
  • Sites requiring spam protection beyond Akismet
  • Developers building extensible comment systems

Requirements

  • WordPress 6.0 or higher
  • PHP 7.4 or higher
  • MySQL 5.7 or higher

External Services

This plugin connects to external services under specific conditions:

Google reCAPTCHA v3 (Optional – Admin Configuration Required)

  • What it is: Google’s invisible spam protection service that analyzes user behavior to detect bots
  • When used: Only when reCAPTCHA is explicitly enabled by the site administrator in plugin settings (Settings > Spam & Moderation > Enable reCAPTCHA) AND a user submits a comment
  • Data sent:
    • Comment form token generated by reCAPTCHA JavaScript
    • User’s IP address for verification
    • reCAPTCHA response token
    • Browser/device information collected by Google’s reCAPTCHA script
  • Purpose: Spam protection and bot detection to prevent automated comment spam
  • User control: Site administrators can completely disable this feature in plugin settings. When disabled, no data is sent to Google.
  • Privacy Policy: https://policies.google.com/privacy
  • Terms of Service: https://policies.google.com/terms
  • Additional info: https://developers.google.com/recaptcha

Social Media Sharing Links (User-Initiated Only – No Automatic Data Transmission)

The plugin generates share links for social media platforms. Important: No data is sent automatically. The plugin only creates clickable links. Data is only transmitted when a user voluntarily clicks a share button.

  • Facebook Sharing

    • What it is: Direct link to Facebook’s share dialog
    • When used: Only when a user voluntarily clicks the Facebook share button on a comment
    • Data sent: Post/comment URL (via URL parameter: ?u=)
    • Purpose: Allow users to share comments on their Facebook timeline
    • User control: Users must explicitly click the share button. No data is sent otherwise. Administrators can disable Facebook sharing in plugin settings.
    • Privacy Policy: https://www.facebook.com/privacy/policy/
    • Terms: https://www.facebook.com/terms.php
    • Note: The plugin does not embed Facebook tracking pixels or the Facebook SDK. It only provides a standard share link.

  • Twitter/X Sharing

    • What it is: Direct link to Twitter’s tweet intent interface
    • When used: Only when a user voluntarily clicks the Twitter/X share button on a comment
    • Data sent: Post/comment URL (via URL parameter: ?url=)
    • Purpose: Allow users to share comments on Twitter/X
    • User control: Users must explicitly click the share button. No data is sent otherwise. Administrators can disable Twitter sharing in plugin settings.
    • Privacy Policy: https://twitter.com/en/privacy
    • Terms: https://twitter.com/en/tos
    • Note: The plugin does not embed Twitter tracking scripts. It only provides a standard tweet intent link.

  • LinkedIn Sharing

    • What it is: Direct link to LinkedIn’s share article interface
    • When used: Only when a user voluntarily clicks the LinkedIn share button on a comment
    • Data sent: Post/comment URL (via URL parameter: ?url=)
    • Purpose: Allow users to share comments on their LinkedIn profile
    • User control: Users must explicitly click the share button. No data is sent otherwise. Administrators can disable LinkedIn sharing in plugin settings.
    • Privacy Policy: https://www.linkedin.com/legal/privacy-policy
    • Terms: https://www.linkedin.com/legal/user-agreement
    • Note: The plugin does not embed LinkedIn tracking pixels. It only provides a standard share link.

Important Clarifications:

  1. No Automatic Tracking: The plugin does NOT automatically send data to social media platforms. It only generates share URLs. When a user clicks a share button, they are redirected to the respective platform’s website, which is outside the plugin’s control.

  2. Administrator Control: Site administrators can disable any or all social sharing options in Settings > Comments Display > Social Sharing.

  3. No External Scripts: The plugin does not load Facebook SDK, Twitter widgets, or LinkedIn tracking scripts on your site. All sharing is done via standard URL parameters.

  4. Data Privacy: The plugin does not store or log sharing activity. All sharing happens directly between the user’s browser and the social media platform.

Privacy Policy

Comments Press Zone stores the following data in your WordPress database:

Comment Data (Standard WordPress)
* Comment content, author name, email, and IP address
* Comment timestamps and parent relationships

Engagement Data
* Votes (upvotes/downvotes) linked to user ID or IP for guests
* User reputation scores

Moderation Data
* User bans, mutes, and warnings with timestamps
* Moderation audit log entries
* User reports

No External Data Sharing

All data is stored locally in your WordPress database. External connections only occur when:

  • reCAPTCHA (if enabled): Interaction data sent to Google for spam verification
  • Social Sharing: When users click share buttons, they are redirected to social platforms

Development

Comments Press Zone is actively developed. Report issues or contribute:

Source Code

This plugin contains compiled/minified JavaScript and CSS files. The full source code is available in the plugin directory and on GitHub:

Compiled Files and Their Sources:

  • admin/build/admin.js (minified) – Source in admin/src-vanilla/ directory

    • Individual module files: main.js, state/*, components/*, utils/*
    • Build command: cd admin && npm install && npm run build
    • Build tool: Webpack 5 with Babel

  • Frontend JavaScript – Source in assets/js/ directory

    • All frontend JS files are uncompressed and included as-is
    • Files: frontend.js, components/*.js

  • Stylesheets – Source in assets/scss/ directory

    • SCSS files that compile to assets/css/frontend.css
    • Build command: npm install && npm run build:css (from plugin root)
    • Build tool: node-sass/sass compiler

All source code is included in the plugin download and is available at: https://github.com/avi-ezra/comments-press-zone

Hooks & Filters

Developers can extend functionality using WordPress hooks. Documentation available on GitHub.

Credits

Developed by Press.zone

Technologies Used

  • Vanilla JavaScript (no jQuery dependency)
  • SCSS for styling
  • WordPress REST API
  • WordPress native comment system

Captures d’écrans

  • Comments interface with voting and threaded replies
  • Admin dashboard with moderation statistics
  • Design customization panel with live preview
  • Moderation tools with user management
  • Responsive mobile view

Installation

  1. Upload the comments-press-zone folder to /wp-content/plugins/
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Navigate to Comments Zone > Design to customize appearance
  4. Configure settings in Comments Zone > Settings

Quick Start

After activation:

  1. Visit any post with comments to see the new interface
  2. Customize colors and styling in Design settings
  3. Enable/disable engagement features in Settings
  4. Configure spam protection as needed

FAQ

Does this replace WordPress default comments?

Yes, Comments Press Zone integrates with WordPress native comments while providing an enhanced interface and additional features. All existing comments display seamlessly.

Is it compatible with my theme?

Yes! The plugin includes a « Theme Inherit » mode that automatically adapts to your active theme’s colors. You can also choose Light or Dark modes for consistent styling.

Will I lose my existing comments?

No. The plugin uses WordPress’s native comment system. All existing comments remain intact and display in the new interface.

Does it work with other comment plugins?

Comments Press Zone replaces the default comment display. It may conflict with other comment plugins like Disqus, Jetpack Comments, or wpDiscuz. We recommend deactivating other comment plugins.

How do I enable dark mode?

Navigate to Comments Zone > Design > Colors and select « Dark ». For automatic detection based on user preference or theme, select « Inherit ».

What moderation tools are included?

Full moderation suite including: ban users (permanent or temporary), mute users, issue warnings, view user history and infractions, manage reports, and complete audit log of all moderation actions.

How does spam protection work?

Multiple layers: Google reCAPTCHA v3 (optional), comment rate limiting, banned words filter, and optional blocking of external links. Works alongside Akismet if installed.

Can I customize the comment display order?

Yes! In Settings > Comments Display, you can choose between « Newest First » or « Oldest First » ordering.

Is it translation ready?

Yes, fully translatable with included .pot file. Hebrew translation included. All strings use the comments-press-zone text domain.

Does it support RTL languages?

Yes, full RTL (right-to-left) support is included for languages like Hebrew, Arabic, and Persian.

Avis

Il n’y a aucun avis pour cette extension.

Contributeurs/contributrices & développeurs/développeuses

« Comments Press Zone » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

Traduisez « Comments Press Zone » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal des modifications

1.0.6

  • WordPress.org Compliance: Fixed internationalization issue – removed dynamic translation of user-configurable template values (Options.php:141)
  • WordPress.org Compliance: Added comprehensive build tools documentation (CONTRIBUTING.md) with detailed instructions for webpack and SCSS compilation
  • Documentation: Enhanced developer onboarding with step-by-step build process, directory structure, and troubleshooting guide
  • Code Quality: Clarified that user-defined email templates and tooltip text should not be passed through gettext functions

1.0.5

  • Security Fix: CRITICAL – Fixed SQL injection vulnerability in RestReports (added whitelist validation for report types)
  • Security Fix: CRITICAL – Fixed SQL injection vulnerability in RestInfractions (wrapped query with $wpdb->prepare())
  • Security Fix: HIGH – Fixed privilege escalation in comment editing (reordered ownership check before moderator permissions)
  • Security Fix: HIGH – Fixed stored XSS via innerHTML in Editor component (replaced all .innerHTML with .textContent for user data)
  • Security Fix: MEDIUM – Added HMAC validation for rate limit bypass prevention (cryptographic validation with wp_hash())
  • Security Fix: MEDIUM – Fixed information disclosure in REST API (generic error messages, detailed errors logged only)
  • Security Fix: MEDIUM – Added IP address validation before sanitization (filter_var validation)
  • Accessibility: Added navigation landmark with aria-label to pagination for screen reader context
  • Accessibility: Implemented aria-pressed attribute for Editor toolbar toggle buttons (bold, italic, etc.)
  • Accessibility: Added language attributes to dynamically generated content (templates, modals)
  • Accessibility: Enhanced vote announcements with descriptive context (« Comment now has X votes »)
  • Accessibility: Improved emoji picker keyboard navigation robustness (boundary checks, focus management)
  • Accessibility: Modernized skip link with clip-path (better browser support)
  • Accessibility: Added high-contrast focus styles to admin interface
  • Accessibility: Added screen-reader-only heading to comment items (semantic structure)
  • Accessibility: Enhanced emoji category announcements (« Showing X category with Y emojis »)
  • Accessibility: Added sr-only text to loading spinner for screen readers
  • Translation: Complete i18n coverage – wrapped all 31 REST API strings with __() translation function
  • Translation: Added translation support to RestAdmin, RestModeration, RestInfractions, RestReports
  • Compliance: Achieved 100% WordPress.org Plugin Check compliance (A+ grade)
  • Compliance: Achieved perfect 10/10 security score
  • Compliance: Achieved 100% WCAG 2.1 Level AA accessibility compliance
  • Code Quality: Created RestBase class to standardize error handling across REST endpoints
  • Code Quality: Removed duplicate CSS property in modal styles
  • Documentation: Updated variable comment for styling convention clarity

1.0.4

  • WordPress.org Compliance: Fixed Plugin URI to point to valid GitHub repository (avi-ezra/comments-press-zone)
  • WordPress.org Compliance: Updated Contributors list to only include WordPress.org username ‘resite’
  • WordPress.org Compliance: Enhanced source code documentation with detailed build instructions for admin/build/admin.js
  • WordPress.org Compliance: Expanded External Services documentation with comprehensive details for reCAPTCHA and social sharing
  • WordPress.org Compliance: Verified « Powered by » attribution removed from frontend (already removed in 1.0.3)
  • Security: Enhanced IP address validation in reCAPTCHA verification using FILTER_VALIDATE_IP filter
  • Security: Improved settings sanitization with proper handling for multiline fields, passwords, and API keys
  • Code Quality: Added PHPCS suppression comment for legitimate dynamic translation of user-configurable templates
  • Code Quality: Enhanced per-field sanitization in Settings.php (sanitize_textarea_field for email bodies, preserve API key special characters)
  • Development: Added .distignore and build-package.sh for clean WordPress.org package creation (excludes development files)
  • Documentation: All inline styles and scripts verified as properly enqueued (wp_enqueue_style/wp_enqueue_script)

1.0.3

  • Compliance: Fixed Plugin URI to point to GitHub repository (was returning 404)
  • Compliance: Enhanced external services documentation with detailed privacy/ToS links for Facebook, Twitter, LinkedIn
  • Compliance: Removed « Powered by » attribution from frontend (WordPress.org guideline compliance)
  • Compliance: Added detailed source code documentation for all compiled/minified files
  • Security: Improved IP address sanitization using FILTER_VALIDATE_IP in reCAPTCHA verification
  • Security: Enhanced settings sanitization to properly handle API keys, secrets, and passwords
  • Code Quality: Removed unused CSS for footer attribution
  • Documentation: Added build instructions and source code locations to readme

1.0.2

  • Security Fix: Resolved all WordPress Plugin Check warnings for database queries.
  • Security Fix: Added file-level PHPCS disable blocks for custom table queries (DirectDatabaseQuery, NoCaching, PreparedSQL).
  • Security Fix: Fixed translators comment placement for i18n compliance.
  • Security Fix: Added Squiz.PHP.DiscouragedFunctions ignores for legitimate ini_set() usage (ReDoS protection).
  • Security Fix: Added esc_html() escaping to display_name in REST API responses.
  • Compliance: Full WordPress.org Plugin Check compliance for database security rules.
  • Compliance: Replaced wp_add_inline_style with direct style output for theme color variables.
  • Accessibility: Added ARIA attributes (role, aria-controls, aria-label) to admin actions menu.
  • Accessibility: Added full keyboard navigation to emoji picker (arrow keys, Enter, Escape).
  • Improvement: Increased reCAPTCHA verification timeout from 2s to 5s for reliability.
  • Code Quality: Refactored 6 files to use consistent PHPCS suppression patterns.
  • Code Quality: Cleaned up redundant inline PHPCS comments.

1.0.1

  • Security Fix: CRITICAL – Fixed IDOR vulnerability in comment deletion (moderators can now only delete comments on posts they moderate).
  • Security Fix: HIGH – Fixed ban/mute system bypass by consolidating warnings table and user meta checks.
  • Security Fix: MEDIUM – Added dual-layer rate limiting (User ID + IP Address) to vote system.
  • Security Fix: MEDIUM – Added ReDoS protection to banned word patterns (wildcard/length limits + PCRE backtrack limits).
  • Security Fix: MEDIUM – Removed information disclosure in error messages (generic messages instead of revealing banned words).
  • Enhancement: Complete GridTable component refactor using CSS Grid for perfect column alignment.
  • Enhancement: Recent Activity section redesigned to use GridTable for consistent UI.
  • Improvement: GridTable accessibility enhanced with scope attributes (WCAG 2.1 AA Compliant).
  • Improvement: Added robust hosting compatibility checks for regex operations.
  • Fix: Resolved column alignment issues in Moderation tabs.
  • Fix: Removed disconnected border lines in table cells.
  • Performance: Optimized table rendering with direct CSS Grid children.

1.0.0.6

  • Security Hardening: Improved sanitization for user IP addresses.
  • Security Hardening: Enforced strict sanitization for settings inputs.
  • Security Hardening: Secured ReCAPTCHA key storage.
  • Fix: Escaping in comment templates to prevent XSS.
  • Fix: Editor component linting issues.

1.0.0

  • Initial public release
  • Full commenting system with voting
  • Moderation suite (ban, mute, warn)
  • Design customization with live preview
  • reCAPTCHA v3 integration
  • Social sharing integration
  • Accessibility compliance (WCAG 2.1 AA)
  • Redis and Memcached caching support
  • Complete admin dashboard

Méta

Évaluations

Aucun avis n’a encore été envoyé.

Your review

Voir tous les avis

Contributeurs

Support

Quelque chose à dire ? Besoin d’aide ?

Voir le forum de support

Faire un don

Souhaitez-vous soutenir l’avancement de cette extension ?

Faire un don à cette extension