Ghost Comment Manager
Ghost Comment Manager is designed to reduce the time you spend moderating comments. Instead of re-approving the same people over and over, you mark a person as Trusted one time. From then on: Their new comments publish immediately. A subtle “ghost” indicator is shown to moderators only so you can spot and confirm at your convenience. Visitors see a normal comment; nothing changes on the public site. Alongside this workflow improvement, the plugin includes a lightweight Shield that blocks common spam patterns without external services. A simple dashboard gives you live counts and a clear picture of what is happening. This plugin focuses on workflow, clarity, and speed. It plays nicely with Akismet or Antispam Bee if you already use them. Why use this plugin Save time: stop re-approving loyal commenters. Stay safe: every trusted comment is highlighted to moderators until confirmed. Cut spam: built-in Shield blocks common abusive behavior before it reaches your queue. See everything: a simple dashboard with trusted totals and block reasons. Keep control: bulk trust/untrust, user-profile control, and comment-screen filters. Features Core workflow – Trust / Untrust a user from the Comments list. – Auto-trust after X approved comments (configurable). – Ghosted auto-publish for trusted users (mod-only highlight until confirmed). – One-click Confirm to remove the ghost indicator. – Role exclusions so specific roles (for example Editors) publish normally without ghosting. – Custom ghost indicator icon and background color. Shield Lite (no external API) – Honeypot field that bots tend to fill. – Minimum submit time to stop instant bot posts. – Rate limits per IP (per minute and per hour). – Maximum links per comment. – Keyword and regular expression blocklist. – Auto-close comments on old posts after X days. – Minimum and maximum comment length. – Duplicate comment protection within a time window. Moderation UX – Comment-screen filters: – Pending (New Users): only untrusted comments awaiting approval. – Ghost (Trusted): approved comments still awaiting moderator confirmation. – Bulk actions: Trust or Untrust the user associated with selected comments. – Trust from the User Profile screen (checkbox). UI and Dashboard – Colorful dashboard cards for trusted users, ghost-pending count, and totals. – Shield Lite “blocks by reason” table. – Clean and organized settings pages. – “Pro Features” preview tab (coming soon items). Integrations and compatibility – Respects Akismet / Antispam Bee: if a comment is flagged as spam, this plugin does not ghost-mark or auto-approve it. – Works with block themes and classic themes. – Multisite compatible on a per-site basis. How it works (non-technical) 🧠 Approve vs Trust Approve = you approve one comment only. Trust = you approve the person. Once a user is trusted, their future comments are published instantly (no moderation wait). Example: You approve Sarah’s first few comments. After that, she’s trusted — her next comments appear immediately. 👻 Ghost indicator (moderator-only) Trusted users’ comments publish instantly but can be optionally “ghosted” (hidden from public) depending on your settings. If ghosting applies: Public visitors do not see ghosted comments yet. Moderators see them with a ghost icon 👻 or colored background. When you click “Confirm (remove ghost)”, the comment becomes visible to everyone. Example: John is a trusted user. His comment posts immediately but shows a ghost icon only moderators see. You review and click Confirm → it’s now public and the ghost mark disappears. If the user’s role is excluded in settings (for example, “Subscriber”), their comments publish publicly right away with no ghost step. ⚙️ Auto-trust threshold In Settings → Ghost Comment Manager → General, set Auto-trust after X approvals. Example: set it to 3. When any commenter reaches 3 approved comments, the plugin automatically trusts them. Their future comments post instantly without waiting for moderation. Changing this number later affects new users only; existing trusted users stay trusted. 🔐 Role exclusions (no ghosting) Choose which roles should never be ghosted. Example: check Administrator and Editor. Comments by these roles will always publish normally — no ghosting, no confirmation step. This ensures your staff or editors aren’t delayed or hidden from public view. 🛡️ Shield Lite (Spam / Abuse Guard) Works quietly in the background to stop obvious spam before it reaches your moderation queue. Uses: Honeypot field to trap bots Minimum submit time (prevents instant spam posts) Rate limits, link limits, and keyword blocklist The default settings are safe and balanced. You can fine-tune them anytime to match your community’s needs. Step-by-step setup Install and activate the plugin. Open Ghost Comments → Settings → General: Set “Auto-trust after X approvals” (0 disables auto-trust). Choose any roles to exclude from ghosting. Pick an icon and background color for the moderator-only ghost indicator. Open Ghost Comments → Settings → Shield Lite: Keep Honeypot on. Set Minimum submit time (3–5 seconds is typical). Set rate limits (for example 6 per minute and 60 per hour). Set the maximum number of links (for example 2). Add any keywords or regular expressions to block. Optionally auto-close comments on posts older than X days. Adjust minimum/maximum length and duplicate time window to taste. Start using it: In Comments → All Comments, click “Trust User” on a real commenter. Their next comments auto-publish with a moderator-only ghost indicator. Click Confirm to remove the indicator when you’re ready. Using each feature Trust / Untrust from Comments – Where: Comments → All Comments (hover a row). – Action: click “Trust User” or “Untrust User”. – Result: future comments from that user auto-publish (if trusted) and are ghost-flagged for moderators. Auto-trust after X approvals – Where: Ghost Comments → Settings → General. – Action: set a number of approved comments required (0 disables). – Result: users become trusted automatically when they reach the threshold. Confirm (remove ghost) – Where: Comments → All Comments on the trusted comment row. – Action: click “Confirm (remove ghost)”. – Result: the moderator-only highlight disappears; the comment remains published. Role exclusions – Where: Ghost Comments → Settings → General. – Action: check roles that should not be ghosted. – Result: users with those roles publish normally without a ghost indicator. Ghost indicator style – Where: Ghost Comments → Settings → General. – Action: set icon and color. – Result: the moderator-only highlight uses your chosen style. Shield Lite: Honeypot – Where: Ghost Comments → Settings → Shield Lite. – Action: keep “Honeypot” enabled. – Result: bots that fill the hidden field are blocked immediately. Shield Lite: Minimum submit time – Where: Ghost Comments → Settings → Shield Lite. – Action: set a minimum number of seconds (0 disables). – Result: submissions that happen too quickly are blocked. Shield Lite: Rate limits – Where: Ghost Comments → Settings → Shield Lite. – Action: set per-minute and per-hour limits (0 disables). – Result: repeated posting from the same IP is throttled. Shield Lite: Maximum links – Where: Ghost Comments → Settings → Shield Lite. – Action: set the link limit (0 means no limit). – Result: comments with too many links are blocked. Shield Lite: Keyword / regex blocklist – Where: Ghost Comments → Settings → Shield Lite. – Action: enter one rule per line; plain words match case-insensitive; regular expressions in /pattern/ or /pattern/i form are supported. – Result: comments matching a rule are blocked. Shield Lite: Auto-close old posts – Where: Ghost Comments → Settings → Shield Lite. – Action: set days after which comments are closed (0 disables). – Result: new comments are blocked on very old posts. Shield Lite: Min / Max length and Duplicate window – Where: Ghost Comments → Settings → Shield Lite. – Action: set minimum and maximum characters, and a duplicate-detection window in seconds (0 disables). – Result: very short, very long, or repeated comments are blocked. Filters on the Comments screen – Where: Comments → All Comments. – Action: use the “GCM View” dropdown or the additional status links. – Result: see either Pending (New Users) or Ghost (Trusted) items instantly. Bulk actions: Trust / Untrust – Where: Comments → All Comments. – Action: select multiple comments → choose “Trust user of selected comments” or “Untrust user of selected comments” → Apply. – Result: users associated with those comments are updated in bulk. Trust from the User Profile – Where: Users → All Users → Edit user. – Action: check “Trusted Commenter” and update the profile. – Result: that user is trusted without needing to find a specific comment. Dashboard – Where: Ghost Comments → Dashboard. – Shows: trusted user total, ghost-pending count, totals for auto-trusted, ghosts marked, ghosts confirmed, and a table of Shield Lite blocks by reason. Compatibility, performance, privacy Compatibility – Works with WordPress 6.0 and newer, classic and block themes. – Plays well with Akismet and Antispam Bee; if a comment is flagged as spam, it will not be ghost-marked or auto-approved by this plugin. – Multisite: activate per site or network-wide; settings are per site. Performance – Lightweight by design. No front-end JavaScript for visitors. Shield Lite uses simple server checks and transients. Privacy – Stores minimal user meta to remember trusted status and counters for the dashboard. – No data is sent to external services by this plugin. Troubleshooting I trusted a user but their comment did not auto-publish – Confirm the user is logged in with the same account you trusted. – Check if another plugin is forcing all comments to be held for moderation. – If Akismet flagged the comment as spam, it will not auto-publish. Ghost highlight is not visible to moderators – Ensure you are logged in with a role that can moderate comments. – Confirm the comment belongs to a trusted user and has not already been confirmed. – Check the indicator color in settings; choose a more visible color if needed. Auto-trust threshold is set but users are not becoming trusted – The threshold only counts approved comments after you enabled it. – Set the threshold to a smaller number to test quickly. Too many legitimate comments are blocked – Lower the minimum submit time. – Increase rate limits or set them to 0 to disable. – Raise the maximum links or remove specific keywords/regexes from the blocklist. – Reduce duplicate window time. Roadmap / Pro Coming soon in Pro: – Trust levels with scoring and optional expiry – Keyword rules with scoring and spam-gate thresholds – Team assignments and internal notes – Analytics with CSV export – Advanced role and post-type overrides
Top keywords
- comments59×3.70%
- ghost33×2.07%
- trusted24×1.51%
- shield22×1.38%
- lite20×1.26%
- shield lite20×1.26%
- user20×1.26%
- settings19×1.19%
- comment18×1.13%
- set16×1.00%
- action15×0.94%
- result15×0.94%
La Sentinelle antispam
Feel safe knowing that your website is safe from spam. La Sentinelle will guard your WordPress website against spam in a simple and effective way. It has antispam filters for comment forms and registration forms and can be extended to support plugins. The default settings should catch most spambots, and there is a settingspage to set it up according to your wishes. Current features include: 3 antispam features; Honeypot, Nonce, Form Timeout. These 3 spamfilters depend on JavaScript on the frontend. 1 antispam feature; Stop Forum Spam. Settingspage to set things up according to your wishes. Transparent to the visitor, no nagging with Captcha’s or other annoying things. By default no use of third-party services and no tracking of visitors. Lightweight and simple code. Logging for WordPress Comments and which spamfilter marked it as spam. Logging for Custom forms and which spamfilter marked it as spam. Statistics for every form how many spam submissions were blocked. WordPress forms that are protected: WordPress Comments form. WordPress Login form. WordPress Register form. WordPress Lost Password form. Form Plugins that are protected: Caldera Forms. Clean Login (Login form). Contact Form 7. Easy Digital Downloads (Login form, Register form). Everest Forms. Formidable Form Builder. Forminator. Newsletter Optin Box plugin (noptin) (standalone forms). Ultimate Member (Login form, Register form and Lost Password form). WooCommerce (Login form, Lost Password form). WPForms Lite. WP Job Manager plugin (submit job form when registering is enabled). Support If you have a problem or a feature request, please post it on the plugin’s support forum on wordpress.org. I will do my best to respond as soon as possible. If you send me an email, I will not reply. Please use the support forum. Translations Translations can be added very easily through GlotPress. You can start translating strings there for your locale. They need to be validated though, so if there’s no validator yet, and you want to apply for being validator (PTE), please post it on the support forum. I will make a request on make/polyglots to have you added as validator for this plugin/locale. How to choose an antispam plugin When you look through the WordPress Plugin Repository you will see more than a hundred antispam plugins. Which one is the best one? Short answer, there is no “best one”. No spamfilter and no method for spamfiltering is perfect. Slightly longer answer, you could try about twenty and choose the one that fits your needs best. But there is also a really long answer. There are different methods that can be used against spam, and every method has its drawbacks. In my opinion, having a low number of false positives is more important than perfectly marking all spam, you don’t want to miss out on important people or information. Nagging the user in some way has a similar effect, the user might not even want to bother with that and just walk away. Third party services: Services like Akismet, OOPSpam, Stop Forum Spam and also reCAPTCHA offer third party services to check for spam. This can be very effective, but you are giving user submitted data away to these third parties and are also giving your users up for tracking them. Captcha’s, reCAPTCHA and Quizz Questions: You are annoying your users and probably sending some of them away. This especially counts for reCAPTCHA for visitors who have third party cookies disabled. Blacklists: Often running behind the facts. That goes for the way of getting users off that list, and also in getting users on that list. Referer check: check if the Referer header is set correctly. You can never trust it is set correctly. Modern browsers are limiting the use of Referers, though for now that is mostly for third-party domains. JavaScript methods: Spammers often (always?) don’t use JavaScript, they just post the form with spammy data. Drawback for this method is that statistics say that about 1 percent of users has JavaScript disabled. Also, some websites have broken JavaScript, which might make the spamfilter break as well. Activation email for registering users. Users only get activated after clicking a link in an activation email. You still have all the non-activated users in your site however. You could have a bright idea about combining several methods, but then you get the drawbacks of all the methods you use. Another complication of choosing a good plugin is that most antispam plugins don’t tell you what methods they use. The documentation doesn’t tell you, and looking at the source code just leaves you confused at the chaos that it often is. My main motivation for writing this plugin is to offer a plugin that does spamfiltering with JavaScript methods in a simple and effective way. The claimed 1 percent of users that has JavaScript disabled will also be tech-savy enough to enable it again for your website. Compatibility This plugin is compatible with ClassicPress. Contributions This plugin is also available in Codeberg.