How do I manage comments on WordPress

WordPress users and commentators | Tutorial part 2

In my tutorial part 2, EU bloggers / beginners will find everything about WordPress users, their roles and the management of comments. + Tutorial for download

Tutorial part 2 - WordPress users

As soon as you move the cursor over on the left sidebar of the WordPress homepage user move, a submenu opens. Here you manage the users of your website and edit e.g. B. also your own profile. Normally, as the operator of the website, you will also be the administrator. However, you can assign any number of other people a role as WordPress user. I describe how you manage this under "User overview".

If you as an administrator not only manage the technology, but also write posts and create pages yourself, for security reasons you should create a second profile as a WordPress user with the rights of one Editor set up. The name of the author can be read out more easily by "hackers" and the admin login area should in any case be particularly protected. In the "Author field" in the sidebar of the article / page, select your editor name and not the administrator name out!

Your Profile - Personal Options

After you your profile have clicked on, the page opens with some personal settings. First of all, you could use the Visual editor and the Syntax highlighting turn off, but why should you do that? You then have the option of adapting the color scheme for the WordPress interface.

Finally, you decide whether you want to show keyboard shortcuts for moderating comments and whether the toolbar is shown for you on the website. The latter can be quite helpful. Since the language of the website will probably be the same as that for WordPress, you don't need to change anything here.

This is followed by your username, which you have already set before (see WordPress tutorial part 1). As you can see, it is lightened and (actually) cannot be changed. What you can change or enter, however, are your first and last name and your nickname, only the latter is absolutely necessary.

More important is yours public name. Because this is z. B. visible in the author field of your posts and when you reply to comments. To set the public name, click on the desired name in the selection. But under no circumstances should you choose your “WordPress user name”, which you use as the administrator to log in. This is really nobody else's business except you.

To do this, you would have to create a new profile for yourself (see WordPress user overview). In addition, you first need a different e-mail address than the one previously registered with WordPress. Then of course you also have to give the new profile administrator rights. Finally insert one more strong password firmly. Then log out and log in again with the new profile. After this has succeeded, delete your old administrator profile.

If you have your Username but want or need to change it because you suspect that your website has been hacked, there is a trick. However, the method is a bit cumbersome.

Contact information

The first thing you will find there is the email address you used to log in as a WordPress user. You can change it, but you have to confirm it again. I. E. You will receive a confirmation email from WordPress. Unfortunately, that doesn't always work. That's why I would keep it. If you do not want to be contacted by visitors to your website via this address, you can enter a different e-mail address later on your contact page or using a corresponding button.

It is up to you whether you also want to include your profiles in the social networks. It is not necessary. What would be useful, however, are some biographical information. Describe in a few sentences who you are, what you do and what you like. If you later want to show information about the author under your contributions, this text will appear there.

Finally, you still have the option of your WordPress password to to change. You can also log out on all other devices using a button. This could be useful if, for example, you are B. are logged in on your PC and smartphone. If your smartphone is lost, you can at least ensure that no one else can access your WordPress backend.

WordPress users - overview

Under the menu item All users you will probably only see yourself at first. To register a new WordPress user, click on above the list add new. A new page will then open in which you can enter the profile (see "Your Profile") of the new user. The name you entered there will now appear next to the user name. In addition, the e-mail address and the user role. If you hover over the username you will see two options: To edit (opens the profile page) and Look at.

User roles

Because there are often misunderstandings in this regard, I will explain the different ones below User roles. When you register a new WordPress user, you should carefully consider which user role you assign to them. Because it doesn't necessarily make sense that everyone has all rights.

Of course, the most extensive are the rights of the Administrators. Because he is allowed to do everything - including crashing the website completely! So it just should one Administrator who ideally also knows what he is doing.

As editor you are allowed to view, edit, publish and delete all posts and pages. You can also manage categories, tags and links, moderate comments and upload files. But you don't have access to the theme settings.

On the other hand, you have as author significantly more restricted rights. So you are only allowed to have yours edit your own posts, upload pictures, publish and delete the posts. However, you cannot access other pages, contributions, comments, etc.

If only you Employee you can edit your own contributions, but only until the administrator has published them. After that and beyond, you no longer have access rights.

At all no editorial rights has a subscriber (Follower). Because here it behaves similarly to the social networks. If you follow a blog, you will receive a notification as soon as a new post is published. But you have no influence on the blog itself.

Manage WordPress users

As already mentioned, as an administrator you have all rights. As a result, you can not only add new WordPress users to your website. You also have the option of changing their role or deleting them entirely.



The EU General Data Protection Regulation has been in force since May 2019. Among other things, it also regulates how you deal with Customer / visitor data have to deal with. If you have other WordPress users logged on to your website, you must keep records of their data.

This means that it is best to create an external table in which you enter all of the data specified in their profile. On the one hand, this table should of course always be up to date. On the other hand, it must always be available. Even if your website is not (no longer) online. Therefore, I would not only rely on the corresponding WordPress function (see tutorial part 3).

Because your visitors have the right to receive information about the data you have collected or to have them changed or deleted at any time. The same applies to the data of visitors who comment on your posts. In addition, you must inform them about their rights in your data protection declaration and name a contact person.


Strictly speaking, a visitor who comments on your posts is not a WordPress user. But it also interacts with your website and you register its name, email and IP address and possibly its website URL. In addition, the day and time of his comment.

If your website complies with the latest data protection requirements, he could refuse to collect his data. Experience shows, however, that very few do that. Therefore, it is not only to be equated with a WordPress user in terms of data protection.

In addition, you have under Settings> Discussion the ability to customize the comment function. On the one hand, there are the standard settings that you can later modify for each individual contribution. On the other hand, there are also those that concern security and data protection. A few points depend on the function of the website and your personal preferences.

In order to be able to control which comments appear on your website, it is best to determine that each comment has to be approved manually. Otherwise you will at some point be faced with a flood of meaningless comments or comments that are only used to disseminate links without reference to your contributions.

In any case, you should check the box next to "Enter your name and email address to comment" or "... be registered and logged in". This gives you some control over whether the comments are legitimate or spammers. It is also useful to check the opt-in check box for comment cookies.

Protection against spammers and bots

To make it a little harder for spammers and bots, you can set a filter for the maximum number of links within a comment. And if you do find yourself haunted by a persistent spammer, you can still add their email or IP address to your personal blacklist.

In any case, it is advisable to install a plug-in to prevent spam. But currently I can only do that Antispam Bee from pluginkollektiv recommend, as other comparable plug-ins are not GDPR-compliant.

Manage comments

To read, reply to, and manage comments, click Comments on the dashboard menu. A new window will open. For one, you can here

  • all comments
  • your answers
  • outstanding,
  • shared as well
  • View spam comments.

You also have the option of removing deleted comments / spam from the trash and thus permanently deleting it. If you have specified "Manual release" in the settings, do this in this window as well (see Fig. Comments list).

On the other hand, the overview shows you the commentator's recorded data in addition to the comment and the article title:

  • name used by him / her
  • possibly his / her website url
  • the email address and IP
  • when the comment was made (date and time)

Due to the guidelines of the GDPR, you must also keep a list of this personal data outside of the WordPress CMS (see also above under data protection).

eb Webdesign - WordPress Part 2: Download the tutorial

WordPress Users - Avatars

The small pictures that z. B. next to the name of a commenter or WordPress user. On the one hand, they are quite nice. If the visitor to your website uses a mini-portrait of themselves, you also have an idea of ​​who is interested in your page. On the other hand, avatars also have disadvantages.

To create an avatar as a WordPress user, WordPress forwards you to the Gravatar website. There you upload your picture and it will be saved there. It will then be downloaded from there as soon as someone visits your website. It does not matter whether it is the avatar of one of your registered WordPress users or an external commentator.

This procedure can influence the loading time of your website, as the browser has to communicate with two servers. In addition to real photos, you also have the option of automatically generating graphic avatars. But even in this case, additional images have to be loaded, which in turn can influence the loading time. So think about whether this nice gimmick is really important to you.

In addition, you should keep in mind that Gravatar is owned by Automattic, a US company. Accordingly, data may also be transferred to their servers outside the EU. Since that EU-US Privacy Shield, on the fact that the company invokes a GDPR-compliant handling of data is invalid, the use of the avatars is not advisable.

More WordPress tutorials