Make WordPress Core

Opened 2 years ago

Last modified 7 months ago

#48473 new enhancement

WordPress installer should prompt to configure options like comments

Reported by: loopy78 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords:
Focuses: administration Cc:


It may be useful to prompt users on installation if they want to turn on features e.g. blog comments during installation. My concern is that many newcomers to WordPress may install a site on production and not consider the security and spam implications of leaving comments on. They may only discover the issues later on.

My motivation for the above is that WordPress is used by many non-tech savvy users. Thus any assistance to secure the default installation would be helpful.

Alternatively, consider making blog comments disabled by default.

Change History (2)

#1 @knutsp
2 years ago

  • Focuses administration added
  • Version 5.2.4 deleted

Hello @loopy78 and very welcome to Trac.

Thank you for your suggestion!

IMHO: I don't like so much the idea to put more options onto the install screens. We have a Welcome banner in the admin control panel that already and this has a link to turn comments on or off.

Having comments off by default would be better than further bloating the install page, but comments is a key feature of WordPress. Akismet is (still) bundled with an offer to prevent spam, and so is tens or hundreds of other plugins.

Keep in mind that WordPress is very often instlled by third party script, like Softaculous, and core has limited influence over these. The Welcome banner, however, is where core can design the onboarding experience.

Related: #48167

#2 @leanice
7 months ago

WordPress is very secure and powers some of the largest, most highly-trafficked websites on earth, including WordPress.com, which is one of the top 25 most trafficked websites in the world, and the No.#1 network of websites in the United States. Like any software, vulnerabilities and security issues can be encountered if developers are not following up-to-date best practices or if the server setup, whether internal or managed by a third-party, isn’t optimized for WordPress use. However, if you’re running a fully optimized WordPress install, your site will be running software that is safe, secure, and scalable.
From my suggestion, Akismet is one of the best plugin for WordPress to get rid of spam. Though sometime you might realize, your comment is being filtered as spam by Akismet spam filter. This is a known problem and there could be many reasons for the same, that includes your earlier comments might have been marked as spam by some admins, you using keywords as commentator name, you adding self-promotional link in your comments and so on. While I started commenting on regular blogs where I comment the most, I found that my comments were not appearing in the post, neither I was getting familiar comment that my comment is held under moderation.

Last edited 7 months ago by leanice (previous) (diff)
Note: See TracTickets for help on using tickets.