Debugging Privacy Rules

Verifying Privacy Rules

To ensure that your comments are being restricted correctly, follow these testing procedures. Because this plugin modifies the global comment query, it is important to test visibility across different user roles.

Testing Visibility Scenarios

Use the following table to verify who should see comments on a post:

| User Role | Can See Own Comment? | Can See Others' Comments? | | :--- | :--- | :--- | | Administrator | Yes | Yes | | Post Author | Yes | Yes | | Comment Author | Yes | No | | Guest / Logged Out | No | No | | Subscriber (Not Author) | Yes (their own) | No |

Step-by-Step Verification

1. Public Interface Check (Guest)

The most critical check is ensuring the general public cannot see any comments.

1. Open your website in a Private/Incognito browser window.
2. Navigate to a post that you know has comments.
3. Verify that the comments section displays "No comments" or simply shows the comment form without listing previous entries.

2. Comment Author Check

1. Log in as a standard user (Subscriber or Contributor).
2. Leave a comment on a post.
3. Refresh the page. You should see your own comment.
4. Log out and view the same post. The comment should no longer be visible.

3. Post Author Check

1. Log in as a user with the "Author" or "Editor" role who has published a specific post.
2. View that post. You should be able to see all comments left by other users on your content.

Troubleshooting Common Issues

If comments are still appearing to the public after activation, check the following:

Page Caching

Most WordPress performance plugins (like WP Rocket, W3 Total Cache, or Autoptimize) and host-level caching (like Varnish or Nginx FastCGI) store the HTML of a page.

• Action: Clear all site caches after activating the plugin.
• Test: Re-test in an Incognito window to ensure you are not seeing a cached version of the page from before the plugin was active.

Custom Theme Queries

The plugin hooks into standard WordPress comment queries (comments_template and get_comments). If your theme uses a highly customized or "hard-coded" SQL query to fetch comments, the privacy rules may be bypassed.

• Action: Temporarily switch to a default theme (like Twenty Twenty-Four) to see if the issue persists. If it works on the default theme but not yours, your theme is likely using a non-standard method to display comments.

Plugin Conflicts

Other security or "Comment Management" plugins may interfere with the query filters.

• Action: Disable other comment-related plugins one by one to identify if a conflict exists.