WordPress Hack: Notify Users of Moderation

One thing I don’t like about WordPress is that when a comment submitted by a reader goes into moderation for some reason, they have no way of knowing their comment was successfully submitted. They just see that it hasn’t been posted. Even with prominent warnings about the possibility of moderation, they might try to submit the comment again, becoming frustrated.

My solution give the user a JavaScript alert window telling them if their comment was put into moderation.

For WordPress 1.5.1, it can be done with a strict plugin: Notify Users of Moderation 1.0 Just install this, activate it, and you’re done.

For earlier versions, it requires hacking. First, open up wp-comments-post.php and look for this code (near the end). This is for WP 1.2.1 and 1.3… for WP 1.2, see below.

$location = get_permalink($comment_post_ID);

Replace that line with these two lines.

$comment_went_live = ($approved == 0) ? '?moderated=true' : '';
$location = get_permalink($comment_post_ID) . $comment_went_live;

If you are using WP 1.2, look for this line.

$location = (empty($_POST['redirect_to'])) ? $_SERVER['HTTP_REFERER'] : $_POST['redirect_to'];

Replace with this.

$comment_went_live = ($approved == 0) ? '?moderated=true' : '';
$location = (empty($_POST['redirect_to'])) ? $_SERVER['HTTP_REFERER'] : $_POST['redirect_to'];
$location .= $comment_went_live;

What this does is append ?moderated=true to the end of the URI the user is redirected to after submitting a moderated comment. This is for use with clean URIs… if you use the index.php?p=XXX method, you should change ?moderated=true to &moderated=true

Now, all you have to do is add code to index.php to make a pop-up alert when moderated=true is in the URI.

In your index.php file, inside the <head></head> section, add this code.

<?php if ($_GET['moderated'] === 'true') { ?>
<script type="text/javascript"><!--
window.onload= function(){
        alert ("Your comment was successfully processed!\n\nHowever, due to one of the reasons listed below, it was placed on hold and will appear on the site once the administrator verifies that it is not spam.\n\n   - more than <?php
    	echo get_settings('comment_max_links') . ' link';
	echo (get_settings('comment_max_links') > 1) ? 's' : '';
     ?> in the comment\n   - contained a word sometimes associated with spam\n\nPlease be patient and do not resubmit your comment.");
<?php } ?>

Modify the text of that alert to your liking. \n means a forced line break.

This will work on both WordPress 1.2 and WordPress 1.3

Yes, it works… please don’t test it out by spamming me. 😀

Once Again: Please don’t test it out by spamming me! If you want to see what it looks like when a comment gets moderated, put ?moderated=true at the end of the address up in your browser’s address bar.

Update: Added in a little PHP logic into the popup so that it automatically grabs your max links setting.

Update: Added a plugin version for WP 1.5.1


  1. says

    I’d love to use this, but I can’t seem to make it work. I’m using Kubrick as my base template, which does not have a <head></head> area in the index.php . Is there an equivalent that you know of? The closest I could find was <head profile=”http://gmpg.org/xfn/1″></head>, but this did not work. Please help.

  2. says

    That is the head section. Just make sure that you modify it in the right file. If I remember correctly, Kubrick uses separate files for individual archives. You would need to add the JavaScript code in the individual archive file.

  3. says

    All that Kubrick comes with is index.php, kubrick-searchform.php, wp-comments.php, and wp-layout.css . I tried inserting the code again into index.php and still no good. Any ideas, this would be great to have.

  4. says

    Blast, that’s what I’ve been doing. Shoot, I’d love to get this up and running. Would it help if I sent you a copy of my index.php?

  5. says

    I’d love to make this cool script work Mark.
    Unfortunately, when I open wp-comments-post.php the only line that starts with $location is:
    $location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];

    I’m using WordPress 1.2

  6. says

    JohnP, my mistake, I only looked at WP 1.3 and 1.2.1… it is slightly different in WP 1.2

    I have updated the instructions to reflect that.

  7. says

    Horray, it work did! Thanks a lot Mark.

    However, the instructions still need a little editing – it should read:

    …if you use the index.php?p=XXX method, you should change ?moderated=true to &moderated=true

    And, if you copy and paste the alert text from above note that the line breaks need correcting to n

  8. says

    Thanks for catching that, JohnP. Posting code in WordPress can be frustrating, as you need to convert a lot of things to HTML entities, such as doublequotes, ampersands, and now (apparently) backslashes!

  9. Tin says

    this fix is fantastic! i have one question though. how can i get it to work with pop up comments?

  10. says

    I don’t really know anything about WP’s pop-up comments… you’re the first one I’ve ever heard of using them. However, I imagine it it as simple as inserting the JavaScript code into the correct place in wp-comments-popup.php instead of in index.php

  11. says

    Read the instructions again. If you’re using the ?p=X method, you need to change a ? in the plugin to a &.

  12. says

    This is SUCH a great idea! Some of my “spam words” could be commonly used by legitimate readers. Thank you!

    I also love the way you have your own comments set up here… the live preview and html tags are genius!

  13. says

    Thanks so much, this had been bothering me since setting up my comment spam words.

    Wanted to let you know I really appreciated it.

  14. says

    I’m getting the following error: I tried both the ? and the & method.

    Warning: Unexpected character in input: ” (ASCII=92) state=1 in /path/to/SanDiegoChurches/wp-comments-post.php on line 99

    Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /path/to/htdocs/SanDiegoChurches/wp-comments-post.php on line 99

  15. says

    My mistake. A WordPress upgrade changed something and I was escaping with backslashes something that no longer needed escaping. It should be right now.

  16. Patrick says

    I just don’t seem to get this to work. my WP version is 1.2.2
    if i try breaking my own rules i do get the p=xxx&moderated=true at the end of the url, but the javascript window does not pop up although i have modified my index.php.
    any ideas?

  17. says

    You must have made a mistake when modifying your index.php

    If you give me your blog’s URI, I can take a look at it and likely tell you what’s wrong.

  18. says

    I’ve just upgraded to WP 1.5.1, and now every comment posted re-directs with ?moderated=true appended to the URL, even if it is not moderated.

    I’ve changed the modification of wp-comments-post.php to the 1.3 version above (I upgraded from WP1.2) – does 1.5.1 need something different again?

    Also, Spam Karma 2 Simple Digest has occasionally (but not always), wrongly reported that there is a comment in moderation, when in fact it has successfully been displayed – perhaps this is connected?

  19. says

    JohnP, I added a plugin version for WP 1.5.1 that doesn’t require any hacking. The only caveat is that it won’t yet work with Spam Karma 2. I’ve notified the plugin’s author of the problem and told him how he can fix it. Basically, SK2 doesn’t report back the $approved status for subsequent plugins.

    Your problem with the Simple Digest plugin sounds unrelated.

  20. says

    Thanks for the response Mark.

    I guess I’ll remove the hacks for now, and wait and see if SK2 gets the necessary upgrade. I get almost no comments sent to moderation these days in any case.

  21. says

    I tried this, however it does not work. Working with the latest 2.2.1 wordpress. I am getting frustrated trying to get a solution to giving my readers a confirmation after the successfully post!


  1. finally presented with a 403 Forbidden page load error. Because it’s a bit more likely now that a comment will get moderated, I then added Mark’s code to notify you dear readers of whether or not your comment has been placed in the queue for moderation. Now if a spammer cleverly gets

  2. Dw i’n defnyddio’r hac bach ‘ma i atgoffa pobl sy’n gadael negeeuon yma i fod yn amyneddgar. Ers i mi sylwi ar y sbam cyntaf, mae rhyw 20 darn o sbam “Texas Hold ‘Em” wedi cyrraedd, ond mae’n braf iawn i weld eu bod nhw i gyd wedi

  3. […] You can advise people of this by editing your comments file. If you use popup comments, edit ‘wp-comments-popup.php’ and if you do not, edit ‘wp-comments.php’. Here is a suggested edit: In both files is this code: <p> <input name="submit" type="submit" tabindex="5" value="<?php _e("Say it!"); ?>" /> </p> Change that to the following: <p> <blockquote> Comment moderation is in use. Please do not submit your comment twice – it will appear shortly </blockquote> <input name="submit" type="submit" tabindex="5" value="<?php _e("Say it!"); ?>" /> </p> You can of course change the text and appearance in any way you wish. An alternative for this is to tell commenters that their post has gone into moderation. The code and a full description of this is at Mark’s site Okay, so that is your ‘out of the box’ tools covered, but if you get hit with a concerted attack, you may want to consider other options. […]

  4. […] Para esto ahora existe un solución muy practica, se trata de un hack para los usuarios de wordpress (1.2) llamado Notify Users of Moderation que por medio de un alertbox te avisa si tu comentario a si colocado en lista de moderación. […]

  5. […] WordPress Hack: Notify Users of Moderation Mark has a hack that will pop up a javascript alert to let users know when their comment is going into moderation. (This way they don’t think the comment just got “lost” and submit it again) […]

  6. […] Interesting: Tempus Fugit | TxFx.net | WordPress Hack: Notify Users of Moderation even though my search in that first mentioned PHP file returned zero result. I might have hacked my version already too much and thus can’t even just follow the steps but will need to sit down and figure it out. filed under : asides – wordpress | created in the wee hours – it was 12:36 am to be exact | trackback | rss | no comments » […]