wp_check_comment_flood( bool $is_flood, string $ip, string $email, string $date, bool $avoid_die = false ): bool

Checks whether comment flooding is occurring.


Won’t run, if current user can manage options, so to not block administrators.

Top ↑


$is_flood bool Required
Is a comment flooding occurring?
$ip string Required
Comment author's IP address.
$email string Required
Comment author's email address.
$date string Required
MySQL time string.
$avoid_die bool Optional
When true, a disallowed comment will result in the function returning without executing wp_die() or die().
More Arguments from wp_die( ... $args ) Arguments to control behavior. If $args is an integer, then it is treated as the response code.
  • response int
    The HTTP response code. Default 200 for Ajax requests, 500 otherwise.
  • link_url string
    A URL to include a link to. Only works in combination with $link_text.
    Default empty string.
  • link_text string
    A label for the link to include. Only works in combination with $link_url.
    Default empty string.
  • back_link bool
    Whether to include a link to go back. Default false.
  • text_direction string
    The text direction. This is only useful internally, when WordPress is still loading and the site's locale is not set up yet. Accepts 'rtl' and 'ltr'.
    Default is the value of is_rtl() .
  • charset string
    Character set of the HTML output. Default 'utf-8'.
  • code string
    Error code to use. Default is 'wp_die', or the main error code if $message is a WP_Error.
  • exit bool
    Whether to exit the process after completion. Default true.

Default: false

Top ↑


bool Whether comment flooding is occurring.

Top ↑


File: wp-includes/comment.php. View all references

function wp_check_comment_flood( $is_flood, $ip, $email, $date, $avoid_die = false ) {
	global $wpdb;

	// Another callback has declared a flood. Trust it.
	if ( true === $is_flood ) {
		return $is_flood;

	// Don't throttle admins or moderators.
	if ( current_user_can( 'manage_options' ) || current_user_can( 'moderate_comments' ) ) {
		return false;

	$hour_ago = gmdate( 'Y-m-d H:i:s', time() - HOUR_IN_SECONDS );

	if ( is_user_logged_in() ) {
		$user         = get_current_user_id();
		$check_column = '`user_id`';
	} else {
		$user         = $ip;
		$check_column = '`comment_author_IP`';

	$sql = $wpdb->prepare(
		"SELECT `comment_date_gmt` FROM `$wpdb->comments` WHERE `comment_date_gmt` >= %s AND ( $check_column = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1",

	$lasttime = $wpdb->get_var( $sql );

	if ( $lasttime ) {
		$time_lastcomment = mysql2date( 'U', $lasttime, false );
		$time_newcomment  = mysql2date( 'U', $date, false );

		 * Filters the comment flood status.
		 * @since 2.1.0
		 * @param bool $bool             Whether a comment flood is occurring. Default false.
		 * @param int  $time_lastcomment Timestamp of when the last comment was posted.
		 * @param int  $time_newcomment  Timestamp of when the new comment was posted.
		$flood_die = apply_filters( 'comment_flood_filter', false, $time_lastcomment, $time_newcomment );

		if ( $flood_die ) {
			 * Fires before the comment flood message is triggered.
			 * @since 1.5.0
			 * @param int $time_lastcomment Timestamp of when the last comment was posted.
			 * @param int $time_newcomment  Timestamp of when the new comment was posted.
			do_action( 'comment_flood_trigger', $time_lastcomment, $time_newcomment );

			if ( $avoid_die ) {
				return true;
			} else {
				 * Filters the comment flood error message.
				 * @since 5.2.0
				 * @param string $comment_flood_message Comment flood error message.
				$comment_flood_message = apply_filters( 'comment_flood_message', __( 'You are posting comments too quickly. Slow down.' ) );

				if ( wp_doing_ajax() ) {
					die( $comment_flood_message );

				wp_die( $comment_flood_message, 429 );

	return false;

Top ↑


Top ↑


Version Description
4.7.0 Introduced.

Top ↑

User Contributed Notes

You must log in before being able to contribute a note or feedback.