WordPress Hook Architecture
The Private Comments plugin integrates directly with the WordPress database abstraction layer to ensure comment privacy is enforced at the query level. By intercepting comment queries before they are executed, the plugin ensures that unauthorized users cannot access private comment data through standard WordPress functions like get_comments() or the Comment Block.
Query Interception
The core logic of the plugin relies on the comments_clauses filter. This filter allows the plugin to modify the SQL clauses used to fetch comments from the database.
The comments_clauses Filter
The plugin hooks into comments_clauses to append custom WHERE requirements. This ensures that even if a developer uses a custom query, the privacy restrictions remain active.
Logic Applied:
The plugin modifies the where clause to include a conditional check that validates the current requester against:
- Comment Author: Matches the user_id or comment_author_email.
- Post Author: The owner of the post where the comment was left.
- Administrator: Users with the manage_options capability.
```php
/**
 * Example of how the SQL clauses are modified internally:
 *
 * Original: WHERE comment_approved = '1'
 * Modified: WHERE comment_approved = '1' AND (user_id = 123 OR comment_author_email = 'user@example.com' OR ...)
 */
```
Comment Count Synchronization
To maintain UI consistency, the plugin filters comment counts to ensure that the numbers displayed on the frontend (e.g., "5 Comments") reflect only the comments the current user is permitted to see.
wp_count_comments
The plugin hooks into the wp_count_comments filter. This prevents "ghost counts", where a post claims to have multiple comments but none are visible to the visitor, which is confusing for the user.
get_comments_number
This filter is used to modify the numeric output returned by the standard get_comments_number() function.
| Hook | Purpose |
| :--- | :--- |
| comments_clauses | Filters the SQL used to retrieve comment objects. |
| wp_count_comments | Adjusts the total comment statistics for a post. |
| get_comments_number | Modifies the comment count displayed in themes. |
Visibility Logic
The plugin evaluates the following hierarchy when deciding whether to include a comment in the result set:
- Global Bypass: If the user has the manage_options capability (Administrators), all comments are returned.
- Authorship Check: If the user_id of the current logged-in user matches the user_id of the post author, all comments for that post are returned.
- Ownership Check: If the comment_author_email or user_id matches the current session, that specific comment is returned.
Frontend Integration
The plugin specifically targets frontend requests. It typically detects if the current request is within the WordPress Admin dashboard (is_admin()).
- Admin Dashboard: Restrictions are usually lifted to allow moderators to manage all site discussions.
- Frontend/REST API: Restrictions are strictly enforced to protect user privacy during public browsing or via headless requests.
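The visibility hierarchy and the dashboard bypass described above, sketched as a comments_clauses callback. This is an added example, not the plugin's own code: the function name is hypothetical, every comment is treated as private (the page does not show how the plugin marks one), and dashboard moderators are assumed to hold moderate_comments. It matches ownership only against the logged-in account, an assumption made because a visitor without an account has no server-verified e-mail.

```php
<?php
// Added illustration, not the plugin's source; the function name is hypothetical.
add_filter( 'comments_clauses', 'example_private_comments_clauses' );

function example_private_comments_clauses( $clauses ) {
	global $wpdb;

	// Global bypass. is_admin() only reports the request context (it is also
	// true for admin-ajax.php), so it is paired with a capability check.
	// Assumption: dashboard moderators are identified by moderate_comments.
	if ( current_user_can( 'manage_options' )
		|| ( is_admin() && current_user_can( 'moderate_comments' ) ) ) {
		return $clauses;
	}

	$user = wp_get_current_user();
	if ( ! $user->exists() ) {
		// Assumption: no verified identity means no comments are returned.
		$visible = '1=0';
	} else {
		$c     = $wpdb->comments;
		$owned = array(
			// Ownership check by account ID.
			$wpdb->prepare( "{$c}.user_id = %d", $user->ID ),
			// Authorship check: every comment on posts this user wrote.
			$wpdb->prepare(
				"{$c}.comment_post_ID IN ( SELECT ID FROM {$wpdb->posts} WHERE post_author = %d )",
				$user->ID
			),
		);
		// Skip the e-mail match when the account has none, so an empty
		// string cannot match comments stored without an address.
		if ( '' !== $user->user_email ) {
			$owned[] = $wpdb->prepare( "{$c}.comment_author_email = %s", $user->user_email );
		}
		$visible = '( ' . implode( ' OR ', $owned ) . ' )';
	}

	// 'where' arrives without the WHERE keyword and may be empty.
	$clauses['where'] = '' === trim( $clauses['where'] )
		? $visible
		: "( {$clauses['where']} ) AND {$visible}";

	return $clauses;
}
```

Building each condition with $wpdb->prepare() keeps the user ID and e-mail out of the SQL string itself, unlike the literal values shown in the illustrative comment earlier on the page.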
Usage in Custom Themes
If you are developing a custom theme, no additional implementation is required. The plugin automatically filters the output of standard WordPress comment loops:
```php
// This standard call will automatically be filtered by the plugin architecture
$comments = get_comments( array( 'post_id' => $post->ID ) );
foreach ( $comments as $comment ) {
	// Only authorized comments will appear here.
	// Sanitize on output: comment content is user-supplied.
	echo wp_kses_post( $comment->comment_content );
}
```