Why are authors allowed to approve comments on their posts? How to revoke privilege?

The ability to set comment status is tied to the “edit_comment” capability, which is a meta-capability in WordPress. It maps to the “edit_post” capability, which is another meta-capability that varies depending on whether a post is published or not.

In the end, if a post is published, then edit_comment ends up mapping to “edit_published_posts” for the post_author, or “edit_others_posts” for people who are not the post author. Meaning that yes, people marked as Author have the ability to moderate comments on their own posts, but not across the board like people with the “moderate_comments” capability would.

As this is hardcoded (as all meta-caps are), you would need to add an additional filter to turn it off. It’s not something you can adjust with a role manager plugin.

A simpler way would be to make those people not Authors, but Contributors instead. As Authors already have the ability to “publish_posts” on their own, and thus add content to the site without additional approval, they are expected to be trusted users in the sense that they can add content and thus able to approve comments.

Another way would be to remove the “edit_published_posts” from the Author, but this would also disallow them from editing content once it has been published. Again, this makes sense, if they can’t be trusted to show comments, then they shouldn’t be trusted to change already published content either.

It all really depends on trust and what you want to allow people to do. The system is consistent as it is now, in terms of security.

Related Posts:

  1. how to make author to write comment on only his own posts?
  2. Only Allow post author and “Premium” Role user to comment
  3. How to change the email notification recipient (user) for new comments?
  4. Change Comment Author Display Name
  5. Check If comment author is registered
  6. Comment Author Name In Reply Form
  7. Display all comments or recent comments per user on author page
  8. Add a drop down list to comment form?
  9. Prevent Contributor to show comment list
  10. Expanding the allowed HTML tags in comments?
  11. How to check if commenter is the_author?
  12. Let user edit his own comment
  13. Capability for allowing user to post own comments without moderation
  14. edit comments capability for authors
  15. Why do comment moderators need to have all create/edit/delete toboth posts and pages?
  16. How to allow a particular role like Contributor be able to only view pending comments and approve them?
  17. Users with custom roles can’t read each other’s comments
  18. Hide notifications regarding new comments
  19. List user comments in author page
  20. Author can only see own post comment and can moderate
  21. WordPress comments on users profile
  22. Comment displaying full name even after setting another display name?
  23. Same email for all comments
  24. Notify post author for a new comment on his post?
  25. Show comments of a user post only when they are login
  26. Grant a person permission to moderate all comments on a blog without giving them the ability to edit other peoples post
  27. How many members have made comments approved for an article?
  28. Commentlist: bypostauthor problem with children list
  29. How Do I Allow Comment Moderation for Other User’s Posts?
  30. get_comment_author_link not working properly
  31. Get Comment Author ID on the fly while posting
  32. Show image next to the comment author if have certain role
  33. Is there a way to only allow certain user ranks to comment on a post
  34. How can I hide comment of the authors from their published posts?
  35. WordPress Custom Local Avatar not showing in comments
  36. Attaching author tag to the comment
  37. How to prevent users/authors from seing IP/email of new commentators?
  38. Author name length character limit?
  39. Comments counter only for Authors Posts
  40. Showing different images depending on user role
  41. Why the capability ‘activate_plugins’ is needed to allow a role to see all posts/pages/comments?
  42. Comments pagination on author page
  43. Change author, disable comments, enable trackbacks for all items in library
  44. Prevent author from editing comments from others in their post
  45. URLs to user page is broken
  46. Listing comment author role code problem
  47. How to ‘If Author’ Comments Check
  48. Auto approve all comments (editor)
  49. How to let contributors to create a new revision(draft) editing their published posts
  50. Paginate result set from $wpdb->get_results()
  51. Threaded comments – deleting parent comment leads to orphan comments
  52. How can I edit the email sent when a new comment is received?
  53. How to remove or replace the log-in link for comment replies?
  54. Add Comment Custom Field
  55. Remove link preview in discussion dashboard
  56. Can’t add default comments to custom post type
  57. Does Akismet plugin expose any hooks, functions, class that can work with custom code?
  58. Comments Feed & Custom Post Statuses
  59. Multiple Comment Forms in a single page [closed]
  60. Displaying comments with a walker: how to distinguish between parent and child comments
  61. Count parent comments & replies separately?
  62. How to modify comments form using comment_form()?
  63. How would I count the number of times a comment meta field’s value is in a post’s entire comments?
  64. Get comment content by comment ID
  65. stackexchange-like submit comment window
  66. Get total number of comment of the posts written by an author
  67. Show only if x comments?
  68. Ajax comments not working
  69. Changing the comments link produced by the get_comments_link() and get_comments_pagenum_link() functions
  70. Redirect to page 2 after comment
  71. How to change avatar of the comment author using comment ID?
  72. Automatically increase comment karma on comment save
  73. How to handle upvotes and downvotes of disqus comments after importing disqus comments to wordpress?
  74. All users/comments suspected as bot? [closed]
  75. comments in Admin
  76. Get all child comments ids from parent comment id
  77. Which hook do I use to edit pending comment count on wordpress dashboard?
  78. Add comment_id on Comments page within wp-admin
  79. comment button shows only logged in users wordpress
  80. Getting comments of an specefic user
  81. I update a post and it creates a pingback? Any idea why?
  82. How can I embed comments plugin to my own website?
  83. get only one last comment from each post
  84. Limit action in comment according to IP
  85. How to get recent comment link
  86. Can I create a new comment type?
  87. How / where is the wp_query object created for RSS feeds?
  88. Admin user name not showing up in author dropdown
  89. Cannot Remove Title Reply from Custom Comment Template for Signup Page
  90. I have an odd field with a purple background, mentioning HTML-codes to use while leaving comments
  91. Order comments in admin by custom date
  92. WordPress Comments – Divide by conversation like Medium.com
  93. Posting XML in comment section
  94. How to check if post has previous_comments_link() and next_comments_link()
  95. Comments – Ensure the correct field is highlighted for nested replies
  96. Comment Blacklist
  97. WordPress Page Template: Comment Filtering with Querystring
  98. comments are going to spam
  99. How to enable truly anonymous posting in bbPress forums? [closed]
  100. How can I filter the user avatar displayed in comments? – get_avatar_url filter works everywhere but not in comments