wp_check_comment_flood

The timeline below displays how wordpress function wp_check_comment_flood has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 5.5

/**
 * Checks whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 4.7.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param bool   $is_flood  Is a comment flooding occurring?
 * @param string $ip        Comment author's IP address.
 * @param string $email     Comment author's email address.
 * @param string $date      MySQL time string.
 * @param bool   $avoid_die When true, a disallowed comment will result in the function
 *                          returning without executing wp_die() or die(). Default false.
 * @return bool Whether comment flooding is occurring.
 */
function wp_check_comment_flood($is_flood, $ip, $email, $date, $avoid_die = false)
{
    global $wpdb;
    // Another callback has declared a flood. Trust it.
    if (true === $is_flood) {
        return $is_flood;
    }
    // Don't throttle admins or moderators.
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return false;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if ($avoid_die) {
                return true;
            } else {
                /**
                 * Filters the comment flood error message.
                 *
                 * @since 5.2.0
                 *
                 * @param string $comment_flood_message Comment flood error message.
                 */
                $comment_flood_message = apply_filters('comment_flood_message', __('You are posting comments too quickly. Slow down.'));
                if (wp_doing_ajax()) {
                    die($comment_flood_message);
                }
                wp_die($comment_flood_message, 429);
            }
        }
    }
    return false;
}

WordPress Version: 5.4

/**
 * Checks whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 4.7.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param bool   $is_flood  Is a comment flooding occurring?
 * @param string $ip        Comment author's IP address.
 * @param string $email     Comment author's email address.
 * @param string $date      MySQL time string.
 * @param bool   $avoid_die When true, a disallowed comment will result in the function
 *                          returning a WP_Error object, rather than executing wp_die().
 *                          Default false.
 * @return bool Whether comment flooding is occurring.
 */
function wp_check_comment_flood($is_flood, $ip, $email, $date, $avoid_die = false)
{
    global $wpdb;
    // Another callback has declared a flood. Trust it.
    if (true === $is_flood) {
        return $is_flood;
    }
    // Don't throttle admins or moderators.
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return false;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (true === $avoid_die) {
                return true;
            } else {
                /**
                 * Filters the comment flood error message.
                 *
                 * @since 5.2.0
                 *
                 * @param string $comment_flood_message Comment flood error message.
                 */
                $comment_flood_message = apply_filters('comment_flood_message', __('You are posting comments too quickly. Slow down.'));
                if (wp_doing_ajax()) {
                    die($comment_flood_message);
                }
                wp_die($comment_flood_message, 429);
            }
        }
    }
    return false;
}

WordPress Version: 5.2

/**
 * Checks whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 4.7.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param bool   $is_flood  Is a comment flooding occurring?
 * @param string $ip        Comment author's IP address.
 * @param string $email     Comment author's email address.
 * @param string $date      MySQL time string.
 * @param bool   $avoid_die When true, a disallowed comment will result in the function
 *                          returning a WP_Error object, rather than executing wp_die().
 *                          Default false.
 * @return bool Whether comment flooding is occurring.
 */
function wp_check_comment_flood($is_flood, $ip, $email, $date, $avoid_die = false)
{
    global $wpdb;
    // Another callback has declared a flood. Trust it.
    if (true === $is_flood) {
        return $is_flood;
    }
    // don't throttle admins or moderators
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return false;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (true === $avoid_die) {
                return true;
            } else {
                /**
                 * Filters the comment flood error message.
                 *
                 * @since 5.2.0
                 *
                 * @param string $comment_flood_message Comment flood error message.
                 */
                $comment_flood_message = apply_filters('comment_flood_message', __('You are posting comments too quickly. Slow down.'));
                if (wp_doing_ajax()) {
                    die($comment_flood_message);
                }
                wp_die($comment_flood_message, 429);
            }
        }
    }
    return false;
}

WordPress Version: 4.9

/**
 * Checks whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 4.7.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param bool   $is_flood  Is a comment flooding occurring?
 * @param string $ip        Comment author's IP address.
 * @param string $email     Comment author's email address.
 * @param string $date      MySQL time string.
 * @param bool   $avoid_die When true, a disallowed comment will result in the function
 *                          returning a WP_Error object, rather than executing wp_die().
 *                          Default false.
 * @return bool Whether comment flooding is occurring.
 */
function wp_check_comment_flood($is_flood, $ip, $email, $date, $avoid_die = false)
{
    global $wpdb;
    // Another callback has declared a flood. Trust it.
    if (true === $is_flood) {
        return $is_flood;
    }
    // don't throttle admins or moderators
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return false;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (true === $avoid_die) {
                return true;
            } else {
                if (wp_doing_ajax()) {
                    die(__('You are posting comments too quickly. Slow down.'));
                }
                wp_die(__('You are posting comments too quickly. Slow down.'), 429);
            }
        }
    }
    return false;
}

WordPress Version: 4.7

/**
 * Checks whether comment flooding is occurring.
 *
 * Won't run, if current user can manage options, so to not block
 * administrators.
 *
 * @since 4.7.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param bool   $is_flood  Is a comment flooding occurring?
 * @param string $ip        Comment IP.
 * @param string $email     Comment author email address.
 * @param string $date      MySQL time string.
 * @param bool   $avoid_die When true, a disallowed comment will result in the function
 *                          returning a WP_Error object, rather than executing wp_die().
 *                          Default false.
 * @return bool Whether comment flooding is occurring.
 */
function wp_check_comment_flood($is_flood, $ip, $email, $date, $avoid_die = false)
{
    global $wpdb;
    // Another callback has declared a flood. Trust it.
    if (true === $is_flood) {
        return $is_flood;
    }
    // don't throttle admins or moderators
    if (current_user_can('manage_options') || current_user_can('moderate_comments')) {
        return false;
    }
    $hour_ago = gmdate('Y-m-d H:i:s', time() - HOUR_IN_SECONDS);
    if (is_user_logged_in()) {
        $user = get_current_user_id();
        $check_column = '`user_id`';
    } else {
        $user = $ip;
        $check_column = '`comment_author_IP`';
    }
    $sql = $wpdb->prepare("SELECT `comment_date_gmt` FROM `{$wpdb->comments}` WHERE `comment_date_gmt` >= %s AND ( {$check_column} = %s OR `comment_author_email` = %s ) ORDER BY `comment_date_gmt` DESC LIMIT 1", $hour_ago, $user, $email);
    $lasttime = $wpdb->get_var($sql);
    if ($lasttime) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', $date, false);
        /**
         * Filters the comment flood status.
         *
         * @since 2.1.0
         *
         * @param bool $bool             Whether a comment flood is occurring. Default false.
         * @param int  $time_lastcomment Timestamp of when the last comment was posted.
         * @param int  $time_newcomment  Timestamp of when the new comment was posted.
         */
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            /**
             * Fires before the comment flood message is triggered.
             *
             * @since 1.5.0
             *
             * @param int $time_lastcomment Timestamp of when the last comment was posted.
             * @param int $time_newcomment  Timestamp of when the new comment was posted.
             */
            do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
            if (true === $avoid_die) {
                return true;
            } else {
                if (wp_doing_ajax()) {
                    die(__('You are posting comments too quickly. Slow down.'));
                }
                wp_die(__('You are posting comments too quickly. Slow down.'), 429);
            }
        }
    }
    return false;
}