Codebase Structure
Core Architecture
The Private Comments plugin is designed as a lightweight, single-file extension for WordPress. The logic is encapsulated within the primary plugin file, ensuring minimal overhead and easy integration into existing WordPress themes and workflows.
Primary Entry Point: private-comments.php
The private-comments.php file serves as the main controller. It handles the plugin initialization, security checks, and the registration of WordPress hooks required to modify comment visibility.
Comment Visibility Logic
The plugin fundamentally alters how WordPress retrieves and displays comments. It hooks into the comment query lifecycle to ensure that the dataset returned by the database is pre-filtered based on the current user's identity.
- Logic Flow: When a request is made to display comments (via get_comments or the comment loop), the plugin checks the capabilities of the current visitor.
- Authorized Users:
  - Administrators: Have unrestricted access to all comments.
  - Post Authors: Can see all comments left on their own posts.
  - Comment Authors: Can see their own comments, regardless of the post.
- Unauthorized Users: Any user or guest not meeting the criteria above will see a filtered view, excluding private discussions.
Internal Filters
While the logic is automated upon activation, the plugin utilizes standard WordPress filters to maintain compatibility with the core database schema.
| Hook | Role | Internal/Public |
| :--- | :--- | :--- |
| comments_clauses | Modifies the SQL WHERE clause to filter comments at the database level. | Internal |
| wp_count_comments | Adjusts the comment count displayed in the UI to match the filtered results. | Internal |
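A sketch of how a comments_clauses callback can enforce the visibility rules listed above. This is an added example, not the Private Comments plugin's own source. The function name, the manage_options capability check for administrators, and the rule that every comment is treated as private are assumptions.

```php
<?php
/**
 * Illustrative sketch only; not code from the Private Comments plugin.
 * Assumption: every comment is private, so a visitor sees a comment only if
 * they are an administrator, the author of the post, or the comment's author.
 */
function example_private_comments_clauses( $clauses, $query ) {
    global $wpdb;

    // Administrators: unrestricted. 'manage_options' is an assumed capability.
    if ( current_user_can( 'manage_options' ) ) {
        return $clauses;
    }

    $user_id = get_current_user_id();

    if ( 0 === $user_id ) {
        // Guests: anonymous comments are stored with user_id = 0, so matching
        // on the ID would expose all of them. Match nothing instead.
        $restriction = '1 = 0';
    } else {
        // Logged-in users: their own comments, plus comments on their posts.
        $restriction = $wpdb->prepare(
            "( {$wpdb->comments}.user_id = %d
               OR {$wpdb->comments}.comment_post_ID IN (
                   SELECT ID FROM {$wpdb->posts} WHERE post_author = %d
               ) )",
            $user_id,
            $user_id
        );
    }

    // 'where' arrives without the WHERE keyword and may be empty; WordPress
    // adds the keyword after the filter has run.
    $clauses['where'] = '' === trim( $clauses['where'] )
        ? $restriction
        : "( {$clauses['where']} ) AND {$restriction}";

    return $clauses;
}
add_filter( 'comments_clauses', 'example_private_comments_clauses', 10, 2 );
```

The comments_clauses filter runs only for queries built through WP_Comment_Query, which is what get_comments() and the comment loop use. Code that loads a single comment by ID with get_comment() needs its own permission check.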
Usage for Developers
The plugin is designed to work "out of the box" without configuration. However, if you are developing a custom theme or plugin that interacts with comments, you should be aware of how this plugin affects data retrieval.
Querying Comments Programmatically
When using get_comments(), the results will be automatically filtered if the query is run in a front-end context. If you need to bypass these restrictions in your own custom admin-side tools, ensure you are running the query as an administrator.
```php
// Example: Standard comment retrieval
// This will return only the comments visible to the current user.
$comments = get_comments( array(
    'post_id' => $post->ID,
    'status'  => 'approve',
) );
```
Checking for Plugin Presence
If you are building an integration, you can check if the Private Comments logic is active by verifying the existence of the plugin's core constants or classes:
```php
if ( defined( 'PRIVATE_COMMENTS_VERSION' ) ) {
    // Logic specific to environments where comments are private
}
```
Security Considerations
The plugin applies filters at the query level. This means that even if a user attempts to access a comment via a direct API request or a custom loop, the database query excludes unauthorized records before they reach the application layer. This "deny-by-default" approach ensures that privacy is maintained across various theme implementations.