• Besides the clutter of spam, is there any way comments can be harmful to a WordPress site? For example, posting some kind of code that’s malicious?

    I want individuals to have uncensored freedom to post and I can get an anti-spam plugin. Am I missing any potential problems of limited moderation other than vile posts and occasional spam that an anti-spam program does not catch?

Viewing 4 replies - 1 through 4 (of 4 total)
  • If you allow completely unfiltered text, then yes, it’s very easy to post something harmful.

    The main culprit would be JavaScript, which can cause some serious issues, but depending on how your site is set up you may also have PHP code added that executes on your server, and that would be somewhere close to catastrophic.

    Thread Starter Gibbon355

    (@gibbon355)

    Catacaustic, do the default WordPress settings catch JavaScript or PHP? Is there something that has to be checked under Discussion Settings or are there plugins I could get?

    I basically want a comment section like Google blogspots where people can choose certain identities like Facebook, WordPress, etc… or be anonymous:

    http://robinlynsey.blogspot.com/2015/11/possum.html#comment-form (not my site)

    I’m planning on getting Anti-Spam by CleanTalk for spam but what plugin would look like Google Blogspot and also catch malicious code?

    The standard WordPress systems only allow some basic HTML tags, and will strip out anything that’s JavaScript or PHP. On top of that, PHP won’t run in a comment section unless you install a plugin that specifically tells it to, which is a very bad idea.

    As far as choosing who you’re commenting as, that’s a very different thing. There might be some plugins out there that enable that, but I haven’t gone looking for them so hopefully someone else out there may have some more idea than I do.
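
The allowlist filtering described in the reply above, as an added example that is not part of the original thread and is not WordPress's own code (WordPress does its filtering in PHP). The tag list, the names `clean_comment`, `url_ok` and `CommentSanitizer`, and the sample comment are all constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for illustration; not WordPress's actual list.
ALLOWED = {"a": {"href", "title"}, "blockquote": {"cite"}, "b": set(),
           "strong": set(), "em": set(), "i": set(), "code": set()}
URL_ATTRS = {"href", "cite"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}  # element body is discarded too

def url_ok(url):
    # Browsers ignore whitespace/control characters inside a scheme: strip first.
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    m = re.match(r"([^/?#:]*):", cleaned)
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class CommentSanitizer(HTMLParser):  # <?php ?> hits handle_pi(), a no-op
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in attrs
                           if n in ALLOWED[tag] and v is not None
                           and (n not in URL_ATTRS or url_ok(v)))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:  # plain text is kept, but re-escaped
            self.out.append(escape(data, quote=False))

def clean_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)

# Constructed sample comment
SAMPLE = ('Nice <b onclick="alert(1)">post</b><script>alert(1)</script> <a href='
          '"JaVa&#9;script:alert(1)">link</a><?php system("id"); ?>')
```

Tags and attributes outside the allowlist are dropped rather than escaped, so the event handler, the script element, the `javascript:` link target and the PHP block never reach the stored comment, while the visible text and permitted formatting survive.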

    Thread Starter Gibbon355

    (@gibbon355)

    OK, thanks. Seems like I’d have to go really out of my way to have a scenario where someone could type in effective JavaScript or PHP in the comment section.

    Please comment if anyone knows how I can get my comments to look like:
    http://robinlynsey.blogspot.com/2015/11/possum.html#comment-form

    Basically a Google Blogspot look.


The topic ‘Potential harm in comments?’ is closed to new replies.