Adding attachments in the WordPress comments can be very helpful in certain situations. Perhaps you want others to share images or documents regarding the topic. A good example would be if someone needs help and is willing to submit screenshots.
There are a number of situations where uploading comment images would be beneficial. By default, the comment section in WordPress doesn’t allow this feature. However, it can be done if you use the right plugin.
In this tutorial, I am going to show you how to add attachments to WordPress comments. It’s an easy system that allows your visitors to contribute to the site. It may also inspire those individuals to return at a later date.
Adding Files to WordPress Comments
Today, I am going to feature the Comment Attachment plugin. Currently, it hasn’t been updated in several months. However, I have verified it to work with WordPress 4.8.
Go to the Plugins area of WordPress and click the “Add New” button.
Search for “Comment Attachment” from the text field on the right.
Click the “Install Now” button and then the “Activate” button for the Comment Attachment plugin.
Once the plugin is activated, go to the Settings section of WordPress and click “Discussion.”
Scroll down the page until you come to the “Comment Attachment” area. Here is where you fine-tune how others upload files to the website.
Using Comment Attachment
You’ll have several options available to you in the Comment Attachment area. These let you control everything from the text before the file to the size. You can also show the attachment as a link or use it as a thumbnail if it is an image.
One of the great features of this plugin is that WordPress can attempt to embed the file if it’s an audio or video clip. For example, users can place video content directly in the comment section as a type of video reply.
Allowed File Types
Comment Attachment allows for a long list of supported file types. This lets you restrict what exactly can be placed on your webpage by visitors. For instance, you could set the system to only allow JPG images by clicking its checkbox.
The plugin supports the most popular file formats, ranging from GIF images to MP4 video files. It also supports APK attachments, also known as Android Package Kits. This is useful for those who share apps or are interested in creating an Android-centered blog or website.
What About Malware?
Unfortunately, there is bound to be someone or some bot that will try to upload malware to your site in the comment section. However, you can easily reduce the risks by using a few techniques.
Sign In to Comment
Forcing users to register on the site or otherwise sign in to a social media profile before commenting reduces bot activity. This also ties a person to the attachment. This won’t stop all malicious attempts, but it will greatly reduce the impact.
Use File Scanning
Many security plugins available for WordPress constantly scan the site for problematic code. Unfortunately, not every scanner is 100 percent foolproof. On the other hand, some protection is better than none at all. Wordfence is a free and useful plugin for this purpose as well as for protecting the site overall.
Manually Approve Comments
A good way to reduce the damage caused by fraudulent attachments is to manually approve the comment. This gives you a chance to make sure the attachment is legitimate and won’t cause a problem for your visitors. Just make sure you have your own firewall before opening them.
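As an added example (not part of the plugin or of the original tutorial), a moderator can check before approving a comment that an attachment's first bytes match the type its extension claims. The allowed list, the function names and the sample uploads below are constructed for illustration; the file types are the ones this tutorial names.

```python
import os

# Leading-byte checks for the file types the tutorial names (JPG, GIF, MP4, APK).
SIGNATURES = {
    "jpg": lambda h: h.startswith(b"\xff\xd8\xff"),
    "jpeg": lambda h: h.startswith(b"\xff\xd8\xff"),
    "gif": lambda h: h[:6] in (b"GIF87a", b"GIF89a"),
    "mp4": lambda h: h[4:8] == b"ftyp",             # ISO media: box size, then "ftyp"
    "apk": lambda h: h.startswith(b"PK\x03\x04"),   # an APK is a ZIP archive
}

def check_attachment(filename, head, allowed=("jpg", "jpeg", "gif")):
    """Return (ok, reason) for an upload's name and its first bytes.

    `allowed` mirrors the checkboxes ticked in the plugin settings (assumed here).
    """
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension"
    if len(parts) > 2:
        # e.g. name.php.jpg: some web servers act on an inner extension
        return False, "multiple extensions"
    ext = parts[-1]
    if ext not in allowed:
        return False, "extension not allowed"
    check = SIGNATURES.get(ext)
    if check is None:
        return False, "no signature rule"
    if not check(head):
        return False, "content does not match extension"
    return True, "ok"

# Constructed sample uploads: (file name, first bytes of the file).
SAMPLES = [
    ("screenshot.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("anim.GIF", b"GIF89a\x01\x00\x01\x00"),
    ("invoice.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),   # executable header, .jpg name
    ("photo.php.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("app.apk", b"PK\x03\x04\x14\x00\x00\x00"),      # valid APK, but not allowed
    ("clip.mp4", b"\x00\x00\x00\x18ftypmp42"),
]

def triage(samples, allowed=("jpg", "jpeg", "gif")):
    return [(name, *check_attachment(name, head, allowed)) for name, head in samples]

if __name__ == "__main__":
    for name, ok, reason in triage(SAMPLES):
        print(f"{'PASS' if ok else 'HOLD'}  {name}: {reason}")
```

A matching signature only shows that the file is the type it claims to be; it says nothing about whether the content is malicious, so the scanning step above still applies.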
Use Anti-Spam Measures
Keeping spam out of the comments is a good practice regardless of whether you offer attachments. Using anti-spam measures reduces the influx of bots and limits the amount of work you need to put into keeping the comment section clean.
Using Comment File Uploads
There is a degree of trust when it comes to allowing visitors to upload files to the comment section. It can be a useful feature, but it’s one you will have to monitor with great vigilance. While many people will use the ability as it was intended, never underestimate the criminal element. Keep your WordPress web-hosted site protected and watch how others interact with your content.
What kind of security measures do you put into place? What abilities do you give your visitors other than reading content?
I have done everything as above to attach an image to my comments. I browse, select an image and press Open. Nothing appears in my comment field which is open in my WordPress blog. What can be wrong?
Will appreciate your advice.
There’s a known XSS vulnerability with the Comment Attachment plugin that could allow an attacker to gain admin privileges.
https://wpvulndb.com/vulnerabilities/6906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6010