Never Moderate Registered Users

Description

This plugin prevents comments from registered users (or, alternatively, those with specified capabilities) from ever going into the moderation queue or getting automatically marked as spam, regardless of the apparent spamminess of the comment.

To be recognized as a registered user, the user must be logged into your site at the time they post their comment. The plugin applies to front-end submissions and authenticated REST API requests only; it does not affect comment imports, CLI tools, cron jobs, or other programmatic creation without a logged-in user.

This plugin assumes that you trust your registered users. It will automatically approve any comment made by registered users, even if the comment stinks of spam. Therefore, it is recommended that you do not allow users to register themselves (uncheck the setting „Anyone can register” in the WordPress admin under Settings -> General).

However, when open registration is enabled, the plugin automatically requires users to have a capability above the site’s default role before their comments bypass moderation or spam checks. For example, when the default role is subscriber, users must have at least the contributor role (which has the edit_posts capability). You can customize this behavior using the ‚c2c_never_moderate_registered_users_open_registration_caps’ filter. See the developer documentation for details.

You can further restrict which users bypass moderation by enabling „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page. That setting requires users to be able to publish posts or moderate comments before their comments bypass moderation or spam checks. You can also use the ‚c2c_never_moderate_registered_users_caps’ filter to specify trusted roles and capabilities in custom code. See the FAQ for an example.

This plugin is a partial successor to my now-defunct Never Moderate Admins or Post Author plugin. The primary purpose of that plugin was to prevent admins and the post’s author from being moderated. WordPress eventually integrated that functionality. However, that plugin also allowed you to prevent registered users from being moderated, which is still a valid need not directly facilitated by WordPress, thus this plugin was spun out.

Links: Plugin Homepage | Plugin Directory Page | GitHub | Author Homepage

Developer Documentation

Developer documentation can be found in DEVELOPER-DOCS.md. That documentation covers the numerous hooks provided by the plugin. Those hooks are listed below to provide an overview of what’s available.

  • c2c_never_moderate_registered_users_open_registration_caps : Customize the capabilities required to bypass moderation when open registration is enabled.
  • c2c_never_moderate_registered_users_privileged_caps : Customize the capabilities that identify privileged users when the Discussion setting is enabled.
  • c2c_never_moderate_registered_users_caps : Customize the capabilities that are automatically trusted, any one of which a user must have in order to never get moderated.
  • c2c_never_moderate_registered_users_approved : Customize granular control for whether a comment by a registered user that would otherwise be moderated or marked as spam should automatically be approved.
  • c2c_never_moderate_registered_users_auto_approved : Fires when the plugin auto-approves a comment that would otherwise have been moderated or marked as spam.

Installation

  1. Install via the built-in WordPress plugin installer. Or install the plugin code inside the plugins directory for your site (typically /wp-content/plugins/).
  2. Activate the plugin through the ‚Plugins’ admin menu in WordPress
  3. Optional: Enable „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page if you want to limit the feature to users who can publish posts or moderate comments.
  4. Optional: Use one or more of the provided hooks in custom code to control specific capabilities that should be exempted from moderation and spam or to control the feature on a comment-by-comment basis.

FAQ

Hey, why did I get some obvious spam from a registered user?

This plugin assumes that any comment made by a registered user (or a user with a specified capabilities) is not spam, regardless of the spamminess of their comment. If you don’t trust your registered users you probably shouldn’t have this plugin activated. Or at least follow the directions above to increase the minimum threshold for trusted users.

I don’t trust registered users who are just „subscribers”. Can this plugin accommodate a stricter standard of trust?

Yes. The plugin itself adjusts the minimum trust level if open registration is enabled. And regardless of that, there is an admin setting to easily facilitate stricter trust, and an offered filter for more programmatic customization.

  • When open registration is enabled, users must exceed the site’s default registration role before bypassing moderation (for example, only contributors or higher are trusted when the default role is subscriber).
  • To limit the feature to users who can publish posts or moderate comments, enable „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page.
  • The ‚c2c_never_moderate_registered_users_caps’ filter allows programmatic customization of the specific capabilities or roles to trust. See the developer documentation for examples.

Does this plugin have unit tests?

Yes. The tests are not packaged in the release .zip file or included in plugins.svn.wordpress.org, but can be found in the plugin’s GitHub repository.

Reviews

30 stycznia 2024
I love this minimal plugins that do exactly what is expected, without unuseful stuff.Is incredible that this small feature is not natively supported by WordPress
1 czyrwnia 2018 3 replies
J’ai beau chercher, mais vu que tout ramène à du php, je pense que ce plugin est destiné aux programmeurs d’autres plugin. Pour un utilisateur lambda, autant intaller un distributeur de barbe à papa sur votre site, vous obtiendrez la même chose….rien.
Read all 3 reviews

Contributors & Developers

“Never Moderate Registered Users” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

3.0 (2026-06-19)

Highlights:

This recommended major release adds a setting to enable only trusting privileged users, requires stricter trust for open registration sites, adds an action that fires when the plugin overrides comment approval, disables handling of programmaticly created comments (CLI, import, etc), namespaces and restructures the plugin code, notes compatibility through WP 7.0+, drops compatibility with versions of WP older than 6.0, bumps minimum PHP support to 8.0, and more.

Details:

  • Change: Don’t consider the default role on open registration sites as trusted
    • When open registration is enabled, require a minimum capability above the site’s default role before bypassing moderation or spam checks
    • Closed registration sites are unaffected
  • New: Add c2c_never_moderate_registered_users_open_registration_caps filter to customize open registration trust requirements
  • New: Add „Trust only privileged users” checkbox to Settings > Discussion
    • Requires the publish_posts or moderate_comments capability before bypassing moderation or spam checks
    • Replaces default trust behavior, including the open registration minimum capability, when enabled
  • New: Add c2c_never_moderate_registered_users_privileged_caps filter to customize privileged user capabilities
  • New: Add c2c_never_moderate_registered_users_auto_approved action that fires when a comment is auto-approved by the plugin
  • Change: Limit auto-approval
    • Process front-end and authenticated REST API requests (as always)
    • Now ignore import, CLI, cron, and other programmatic creation without a session; default WP handling will apply
  • Change: Ensure the comment’s user_id matches the logged-in user
  • New: Add function to get the version of the plugin
  • Fix: Correctly check for user existence
  • Change: Reorganize plugin into namespaced classes under includes/
    • Trust_Policy for capability and trust logic
    • Comment_Moderator for the pre_comment_approved filter
    • Admin_Settings for the Discussion settings UI
    • Hooks and Options for hook and option name constants
  • Change: Remove global helper functions and function_exists() guards
  • Change: Use exit instead of die() when bailing on direct file invocation
  • Change: Tweak extended description in readme.txt
  • Change: Document that c2c_never_moderate_registered_users_approved may run twice per front-end submission since WP 6.7
  • Change: Note compatibility through WP 7.0+
  • Change: Drop compatibility for WordPress versions older than 6.0
  • Change: Require at least PHP 8.0+ and note compatibility through PHP 8.5+
  • Change: Add ‚Requires at least’ and ‚Requires PHP’ headers to main plugin file
  • Change: Update copyright date (2026)
  • Change: Remove unused global
  • Change: Fix minor documentation typos or omissions

2.3.6 (2025-04-14)

  • Change: Note compatibility through WP 6.8+
  • Change: Note compatibility through PHP 8.3+
  • Change: Update copyright date (2025)

2.3.5 (2024-08-21)

  • Change: Shorten plugin description
  • Change: Note compatibility through WP 6.6+
  • Change: Update copyright date (2024)
  • Change: Reduce number of ‚Tags’ from readme.txt
  • Change: Remove development and testing-related files from release packaging

Full changelog is available in CHANGELOG.md.