Hack: Better Comment Notification Text and Removing Email Address Data

Like a lot of people, I freaked out a bit over GDPR right around the time it started. Even though I am in the United States and don’t have any business location in Europe, there were lawyers blogging and scaring people into thinking that the EU was gonna start sending stormtroopers into the USA to detain bloggers who so much as kept a simple server log.

At my biggest site, I don’t even allow people to create accounts. You can comment anonymously, and that is about it. But I do ask for an email address when you comment, so if I decide to respond by email I can. At that site, many comments are people asking questions.

But I did want to clean up my act and NOT save that email to the WordPress database. So then if my server is compromised, no email addresses will be found.

This is fairly easy to do. You just need to use the comment_notification_text filter hook. Then inside your function, you can use wp_update_comment to update the comment to set the email to nothing.

But before I do that, I’ll have the script send me an email as if it came from the commenter. That way I do have that chance to email them back. This is my alternative to the regular WordPress email notification, which I think gets sent after this filter is applied. So this is my last chance to use that email address before it is erased.

// send a better email with just the basics and no IP address, then strip the email address so it is never saved (GDPR)
add_filter('comment_notification_text', 'commentNotificationText', 10 , 2);
function commentNotificationText($text,$comment_id) {
	$comment = get_comment($comment_id);
	$post_ID = $comment->comment_post_ID;
	// nicer email
	$text = html_entity_decode($comment->comment_content) ."\n\n----------\n\n";
	$text .= 'Author: '.$comment->comment_author."\n";
	$text .= 'Permalink: '.get_the_permalink($post_ID).'#comment-'.$comment_id."\n";
	$text .= 'Trash it: '.get_site_url().'/wp-admin/comment.php?action=trash&c='.$comment_id.'#wpbody-content-content'."\n";
	$text .= 'Spam it: '.get_site_url().'/wp-admin/comment.php?action=spam&c='.$comment_id.'#wpbody-content-content';

	// strip email address
	$commentchanges = array();
	$commentchanges['comment_ID'] = $comment->comment_ID;
	$commentchanges['comment_author_email'] = '';
	return $text;

There is some good stuff in there in the part where the email is formatted. I put a direct link to trash or spam the email, as well as a link to the post itself so I can just respond right there on the post page.

Leave a Reply

Your email address will not be published. Required fields are marked *