Description
This plugin prevents comments from registered users (or, alternatively, those with specified capabilities) from ever going into the moderation queue or getting automatically marked as spam, regardless of the apparent spamminess of the comment.
To be recognized as a registered user, the user must be logged into your site at the time they post their comment. The plugin applies to front-end submissions and authenticated REST API requests only; it does not affect comment imports, CLI tools, cron jobs, or other programmatic creation without a logged-in user.
This plugin assumes that you trust your registered users. It will automatically approve any comment made by registered users, even if the comment stinks of spam. Therefore, it is recommended that you do not allow users to register themselves (uncheck the setting „Anyone can register” in the WordPress admin under Settings -> General).
However, when open registration is enabled, the plugin automatically requires users to have a capability above the site’s default role before their comments bypass moderation or spam checks. For example, when the default role is subscriber, users must have at least the contributor role (which has the edit_posts capability). You can customize this behavior using the ‚c2c_never_moderate_registered_users_open_registration_caps’ filter. See the developer documentation for details.
You can further restrict which users bypass moderation by enabling „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page. That setting requires users to be able to publish posts or moderate comments before their comments bypass moderation or spam checks. You can also use the ‚c2c_never_moderate_registered_users_caps’ filter to specify trusted roles and capabilities in custom code. See the FAQ for an example.
This plugin is a partial successor to my now-defunct Never Moderate Admins or Post Author plugin. The primary purpose of that plugin was to prevent admins and the post’s author from being moderated. WordPress eventually integrated that functionality. However, that plugin also allowed you to prevent registered users from being moderated, which is still a valid need not directly facilitated by WordPress, thus this plugin was spun out.
Links: Plugin Homepage | Plugin Directory Page | GitHub | Author Homepage
Developer Documentation
Developer documentation can be found in DEVELOPER-DOCS.md. That documentation covers the numerous hooks provided by the plugin. Those hooks are listed below to provide an overview of what’s available.
c2c_never_moderate_registered_users_open_registration_caps: Customize the capabilities required to bypass moderation when open registration is enabled.c2c_never_moderate_registered_users_privileged_caps: Customize the capabilities that identify privileged users when the Discussion setting is enabled.c2c_never_moderate_registered_users_caps: Customize the capabilities that are automatically trusted, any one of which a user must have in order to never get moderated.c2c_never_moderate_registered_users_approved: Customize granular control for whether a comment by a registered user that would otherwise be moderated or marked as spam should automatically be approved.c2c_never_moderate_registered_users_auto_approved: Fires when the plugin auto-approves a comment that would otherwise have been moderated or marked as spam.
Installation
- Install via the built-in WordPress plugin installer. Or install the plugin code inside the plugins directory for your site (typically
/wp-content/plugins/). - Activate the plugin through the ‚Plugins’ admin menu in WordPress
- Optional: Enable „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page if you want to limit the feature to users who can publish posts or moderate comments.
- Optional: Use one or more of the provided hooks in custom code to control specific capabilities that should be exempted from moderation and spam or to control the feature on a comment-by-comment basis.
FAQ
-
Hey, why did I get some obvious spam from a registered user?
-
This plugin assumes that any comment made by a registered user (or a user with a specified capabilities) is not spam, regardless of the spamminess of their comment. If you don’t trust your registered users you probably shouldn’t have this plugin activated. Or at least follow the directions above to increase the minimum threshold for trusted users.
-
I don’t trust registered users who are just „subscribers”. Can this plugin accommodate a stricter standard of trust?
-
Yes. The plugin itself adjusts the minimum trust level if open registration is enabled. And regardless of that, there is an admin setting to easily facilitate stricter trust, and an offered filter for more programmatic customization.
- When open registration is enabled, users must exceed the site’s default registration role before bypassing moderation (for example, only contributors or higher are trusted when the default role is subscriber).
- To limit the feature to users who can publish posts or moderate comments, enable „Trust only privileged users to bypass comment moderation and spam checks” on the Settings -> Discussion admin page.
- The ‚c2c_never_moderate_registered_users_caps’ filter allows programmatic customization of the specific capabilities or roles to trust. See the developer documentation for examples.
-
Does this plugin have unit tests?
-
Yes. The tests are not packaged in the release .zip file or included in plugins.svn.wordpress.org, but can be found in the plugin’s GitHub repository.
Reviews
Contributors & Developers
“Never Moderate Registered Users” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Never Moderate Registered Users” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
3.0 (2026-06-19)
Highlights:
This recommended major release adds a setting to enable only trusting privileged users, requires stricter trust for open registration sites, adds an action that fires when the plugin overrides comment approval, disables handling of programmaticly created comments (CLI, import, etc), namespaces and restructures the plugin code, notes compatibility through WP 7.0+, drops compatibility with versions of WP older than 6.0, bumps minimum PHP support to 8.0, and more.
Details:
- Change: Don’t consider the default role on open registration sites as trusted
- When open registration is enabled, require a minimum capability above the site’s default role before bypassing moderation or spam checks
- Closed registration sites are unaffected
- New: Add
c2c_never_moderate_registered_users_open_registration_capsfilter to customize open registration trust requirements - New: Add „Trust only privileged users” checkbox to Settings > Discussion
- Requires the
publish_postsormoderate_commentscapability before bypassing moderation or spam checks - Replaces default trust behavior, including the open registration minimum capability, when enabled
- Requires the
- New: Add
c2c_never_moderate_registered_users_privileged_capsfilter to customize privileged user capabilities - New: Add
c2c_never_moderate_registered_users_auto_approvedaction that fires when a comment is auto-approved by the plugin - Change: Limit auto-approval
- Process front-end and authenticated REST API requests (as always)
- Now ignore import, CLI, cron, and other programmatic creation without a session; default WP handling will apply
- Change: Ensure the comment’s
user_idmatches the logged-in user - New: Add function to get the version of the plugin
- Fix: Correctly check for user existence
- Change: Reorganize plugin into namespaced classes under
includes/Trust_Policyfor capability and trust logicComment_Moderatorfor thepre_comment_approvedfilterAdmin_Settingsfor the Discussion settings UIHooksandOptionsfor hook and option name constants
- Change: Remove global helper functions and
function_exists()guards - Change: Use
exitinstead ofdie()when bailing on direct file invocation - Change: Tweak extended description in
readme.txt - Change: Document that
c2c_never_moderate_registered_users_approvedmay run twice per front-end submission since WP 6.7 - Change: Note compatibility through WP 7.0+
- Change: Drop compatibility for WordPress versions older than 6.0
- Change: Require at least PHP 8.0+ and note compatibility through PHP 8.5+
- Change: Add ‚Requires at least’ and ‚Requires PHP’ headers to main plugin file
- Change: Update copyright date (2026)
- Change: Remove unused global
- Change: Fix minor documentation typos or omissions
2.3.6 (2025-04-14)
- Change: Note compatibility through WP 6.8+
- Change: Note compatibility through PHP 8.3+
- Change: Update copyright date (2025)
2.3.5 (2024-08-21)
- Change: Shorten plugin description
- Change: Note compatibility through WP 6.6+
- Change: Update copyright date (2024)
- Change: Reduce number of ‚Tags’ from
readme.txt - Change: Remove development and testing-related files from release packaging
Full changelog is available in CHANGELOG.md.
