Comment controls when comments are enabled

WARNING: Enforcing this setting can affect moderation workflows and long-term commenting on older posts. Verify that moderators or site owners do not require comments to stay open longer than the configured value before enabling enforcement.

Description of the control

This control sets how CMSSPM handles Comment controls when comments are enabled on the Core Hardening page. The available options are Off, Enforced (require moderation auto-close), and Audit only.

This area also includes a Close comments after days number field and a risk acceptance checkbox labeled Override long-term commenting is intentionally part of the site; do not score this against me. The provided UI states that this control is not applicable until comments are enabled or the related risk is accepted.

Procedure

1. In WordPress admin, open Posture Management.
2. Select Core Hardening.
3. In the WordPress Interfaces section, locate Comment controls when comments are enabled.
4. Confirm that comments are enabled or that the related comment risk has been accepted so this control is applicable.
5. Select one of these options:
   • Off
   • Enforced (require moderation auto-close)
   • Audit only
6. In Close comments after days, enter the required value.
7. If long-term commenting is intentionally required and the goal is only to suppress audit findings, select Override long-term commenting is intentionally part of the site; do not score this against me.
8. Click Save changes.

Validation

After saving, reload Posture Management -> Core Hardening and confirm the selected option and the Close comments after days value are still shown.

If Enforced was selected, verify that moderation remains enabled and that comments on older posts close according to the configured number of days.