Title: wp_allow_comment Published: April 25, 2014 Last modified: February 24, 2026 --- # wp_allow_comment( array $commentdata, bool $wp_error = false ): int|string|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿 ## In this article * [Parameters](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#source) * [Hooks](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#hooks) * [Related](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#wp--skip-link--target) Validates whether this comment is allowed to be made. ## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#parameters)󠁿 `$commentdata`arrayrequired Contains information on the comment. `$wp_error`booloptional When true, a disallowed comment will result in the function returning a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) object, rather than executing [wp_die()](https://developer.wordpress.org/reference/functions/wp_die/). More Arguments from wp_die( … $args ) Arguments to control behavior. If `$args` is an integer, then it is treated as the response code. * `response` int * The HTTP response code. Default 200 for Ajax requests, 500 otherwise. * `link_url` string * A URL to include a link to. Only works in combination with $link_text. * `link_text` string * A label for the link to include. Only works in combination with $link_url. * `back_link` bool * Whether to include a link to go back. Default false. * `text_direction` string * The text direction. This is only useful internally, when WordPress is still loading and the site’s locale is not set up yet. Accepts `'rtl'` and `'ltr'`. Default is the value of [is_rtl()](https://developer.wordpress.org/reference/functions/is_rtl/). * `charset` string * Character set of the HTML output. Default `'utf-8'`. * `code` string * Error code to use. Default is `'wp_die'`, or the main error code if $message is a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/). * `exit` bool * Whether to exit the process after completion. Default true. Default:`false` ## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#return)󠁿 int|string|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) Allowed comments return the approval status (`0|1|'spam'|'trash'`). If `$wp_error` is true, disallowed comments return a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/). ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#source)󠁿 ```php function wp_allow_comment( $commentdata, $wp_error = false ) { global $wpdb; /* * Simple duplicate check. * expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) */ $dupe = $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = %s AND comment_approved != 'trash' AND ( comment_author = %s ", wp_unslash( $commentdata['comment_post_ID'] ), wp_unslash( $commentdata['comment_parent'] ), wp_unslash( $commentdata['comment_author'] ) ); if ( $commentdata['comment_author_email'] ) { $dupe .= $wpdb->prepare( 'AND comment_author_email = %s ', wp_unslash( $commentdata['comment_author_email'] ) ); } $dupe .= $wpdb->prepare( ') AND comment_content = %s LIMIT 1', wp_unslash( $commentdata['comment_content'] ) ); $dupe_id = $wpdb->get_var( $dupe ); /** * Filters the ID, if any, of the duplicate comment found when creating a new comment. * * Return an empty value from this filter to allow what WP considers a duplicate comment. * * @since 4.4.0 * * @param int $dupe_id ID of the comment identified as a duplicate. * @param array $commentdata Data for the comment being created. */ $dupe_id = apply_filters( 'duplicate_comment_id', $dupe_id, $commentdata ); if ( $dupe_id ) { /** * Fires immediately after a duplicate comment is detected. * * @since 3.0.0 * * @param array $commentdata Comment data. */ do_action( 'comment_duplicate_trigger', $commentdata ); /** * Filters duplicate comment error message. * * @since 5.2.0 * * @param string $comment_duplicate_message Duplicate comment error message. */ $comment_duplicate_message = apply_filters( 'comment_duplicate_message', __( 'Duplicate comment detected; it looks as though you’ve already said that!' ) ); if ( $wp_error ) { return new WP_Error( 'comment_duplicate', $comment_duplicate_message, 409 ); } else { if ( wp_doing_ajax() ) { die( $comment_duplicate_message ); } wp_die( $comment_duplicate_message, 409 ); } } /** * Fires immediately before a comment is marked approved. * * Allows checking for comment flooding. * * @since 2.3.0 * @since 4.7.0 The `$avoid_die` parameter was added. * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ do_action( 'check_comment_flood', $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); /** * Filters whether a comment is part of a comment flood. * * The default check is wp_check_comment_flood(). See check_comment_flood_db(). * * @since 4.7.0 * @since 5.5.0 The `$avoid_die` parameter was renamed to `$wp_error`. * * @param bool $is_flood Is a comment flooding occurring? Default false. * @param string $comment_author_ip Comment author's IP address. * @param string $comment_author_email Comment author's email. * @param string $comment_date_gmt GMT date the comment was posted. * @param bool $wp_error Whether to return a WP_Error object instead of executing * wp_die() or die() if a comment flood is occurring. */ $is_flood = apply_filters( 'wp_is_comment_flood', false, $commentdata['comment_author_IP'], $commentdata['comment_author_email'], $commentdata['comment_date_gmt'], $wp_error ); if ( $is_flood ) { /** This filter is documented in wp-includes/comment-template.php */ $comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) ); return new WP_Error( 'comment_flood', $comment_flood_message, 429 ); } return wp_check_comment_data( $commentdata ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/comment.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/comment.php#L691) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/comment.php#L691-L814) ## 󠀁[Hooks](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#hooks)󠁿 [do_action( ‘check_comment_flood’, string $comment_author_ip, string $comment_author_email, string $comment_date_gmt, bool $wp_error )](https://developer.wordpress.org/reference/hooks/check_comment_flood/) Fires immediately before a comment is marked approved. [apply_filters( ‘comment_duplicate_message’, string $comment_duplicate_message )](https://developer.wordpress.org/reference/hooks/comment_duplicate_message/) Filters duplicate comment error message. [do_action( ‘comment_duplicate_trigger’, array $commentdata )](https://developer.wordpress.org/reference/hooks/comment_duplicate_trigger/) Fires immediately after a duplicate comment is detected. [apply_filters( ‘comment_flood_message’, string $comment_flood_message )](https://developer.wordpress.org/reference/hooks/comment_flood_message/) Filters the comment flood error message. [apply_filters( ‘duplicate_comment_id’, int $dupe_id, array $commentdata )](https://developer.wordpress.org/reference/hooks/duplicate_comment_id/) Filters the ID, if any, of the duplicate comment found when creating a new comment. [apply_filters( ‘wp_is_comment_flood’, bool $is_flood, string $comment_author_ip, string $comment_author_email, string $comment_date_gmt, bool $wp_error )](https://developer.wordpress.org/reference/hooks/wp_is_comment_flood/) Filters whether a comment is part of a comment flood. ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#related)󠁿 | Uses | Description | | [wp_check_comment_data()](https://developer.wordpress.org/reference/functions/wp_check_comment_data/)`wp-includes/comment.php` | Checks whether comment data passes internal checks or has disallowed content. | | [wp_doing_ajax()](https://developer.wordpress.org/reference/functions/wp_doing_ajax/)`wp-includes/load.php` | Determines whether the current request is a WordPress Ajax request. | | [__()](https://developer.wordpress.org/reference/functions/__/)`wp-includes/l10n.php` | Retrieves the translation of $text. | | [wp_unslash()](https://developer.wordpress.org/reference/functions/wp_unslash/)`wp-includes/formatting.php` | Removes slashes from a string or recursively removes slashes from strings within an array. | | [wp_die()](https://developer.wordpress.org/reference/functions/wp_die/)`wp-includes/functions.php` | Kills WordPress execution and displays HTML page with an error message. | | [apply_filters()](https://developer.wordpress.org/reference/functions/apply_filters/)`wp-includes/plugin.php` | Calls the callback functions that have been added to a filter hook. | | [do_action()](https://developer.wordpress.org/reference/functions/do_action/)`wp-includes/plugin.php` | Calls the callback functions that have been added to an action hook. | | [wpdb::get_var()](https://developer.wordpress.org/reference/classes/wpdb/get_var/)`wp-includes/class-wpdb.php` | Retrieves one value from the database. | | [wpdb::prepare()](https://developer.wordpress.org/reference/classes/wpdb/prepare/)`wp-includes/class-wpdb.php` | Prepares a SQL query for safe execution. | | [WP_Error::__construct()](https://developer.wordpress.org/reference/classes/wp_error/__construct/)`wp-includes/class-wp-error.php` | Initializes the error. | [Show 8 more](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#) [Show less](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#) | Used by | Description | | [WP_REST_Comments_Controller::create_item()](https://developer.wordpress.org/reference/classes/wp_rest_comments_controller/create_item/)`wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php` | Creates a comment. | | [wp_new_comment()](https://developer.wordpress.org/reference/functions/wp_new_comment/)`wp-includes/comment.php` | Adds a new comment to the database. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_allow_comment/?output_format=md#changelog)󠁿 | Version | Description | | [5.5.0](https://developer.wordpress.org/reference/since/5.5.0/) | The `$avoid_die` parameter was renamed to `$wp_error`. | | [4.7.0](https://developer.wordpress.org/reference/since/4.7.0/) | The `$avoid_die` parameter was added, allowing the function to return a [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) object instead of dying. | | [2.0.0](https://developer.wordpress.org/reference/since/2.0.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_allow_comment%2F) before being able to contribute a note or feedback.