=== Ghost Comment Manager ===
Contributors: devfluxr
Tags: comments, moderation, spam, trust, ghost
Requires at least: 6.0
Tested up to: 6.8
Stable tag: 0.1.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html


Trust once → comments auto-publish with a moderator-only “ghost” flag. Includes a light spam shield, filters, bulk actions, and a clear dashboard.

== Description ==

Ghost Comment Manager is designed to reduce the time you spend moderating comments. Instead of re-approving the same people over and over, you mark a person as Trusted one time. From then on:

- Their new comments publish immediately.
- A subtle “ghost” indicator is shown to moderators only so you can spot and confirm at your convenience.
- Visitors see a normal comment; nothing changes on the public site.

Alongside this workflow improvement, the plugin includes a lightweight Shield that blocks common spam patterns without external services. A simple dashboard gives you live counts and a clear picture of what is happening.

This plugin focuses on workflow, clarity, and speed. It plays nicely with Akismet or Antispam Bee if you already use them.

=== Why use this plugin ===

1. Save time: stop re-approving loyal commenters.
2. Stay safe: every trusted comment is highlighted to moderators until confirmed.
3. Cut spam: built-in Shield blocks common abusive behavior before it reaches your queue.
4. See everything: a simple dashboard with trusted totals and block reasons.
5. Keep control: bulk trust/untrust, user-profile control, and comment-screen filters.

== Features ==

Core workflow
- Trust / Untrust a user from the Comments list.
- Auto-trust after X approved comments (configurable).
- Ghosted auto-publish for trusted users (mod-only highlight until confirmed).
- One-click Confirm to remove the ghost indicator.
- Role exclusions so specific roles (for example Editors) publish normally without ghosting.
- Custom ghost indicator icon and background color.

Shield Lite (no external API)
- Honeypot field that bots tend to fill.
- Minimum submit time to stop instant bot posts.
- Rate limits per IP (per minute and per hour).
- Maximum links per comment.
- Keyword and regular expression blocklist.
- Auto-close comments on old posts after X days.
- Minimum and maximum comment length.
- Duplicate comment protection within a time window.

Moderation UX
- Comment-screen filters:
  - Pending (New Users): only untrusted comments awaiting approval.
  - Ghost (Trusted): approved comments still awaiting moderator confirmation.
- Bulk actions: Trust or Untrust the user associated with selected comments.
- Trust from the User Profile screen (checkbox).

UI and Dashboard
- Colorful dashboard cards for trusted users, ghost-pending count, and totals.
- Shield Lite “blocks by reason” table.
- Clean and organized settings pages.
- “Pro Features” preview tab (coming soon items).

Integrations and compatibility
- Respects Akismet / Antispam Bee: if a comment is flagged as spam, this plugin does not ghost-mark or auto-approve it.
- Works with block themes and classic themes.
- Multisite compatible on a per-site basis.

## How it works (non-technical)

### 🧠 Approve vs Trust
- **Approve** = you approve **one** comment only.  
- **Trust** = you approve the **person**.  
  Once a user is trusted, their future comments are **published instantly** (no moderation wait).  
  - **Example:** You approve Sarah’s first few comments. After that, she’s trusted — her next comments appear immediately.

---

### 👻 Ghost indicator (moderator-only)
- Trusted users’ comments publish instantly **but can be optionally “ghosted”** (hidden from public) depending on your settings.  
- If ghosting applies:
  - **Public visitors** do **not** see ghosted comments yet.  
  - **Moderators** see them with a ghost icon 👻 or colored background.  
  - When you click **“Confirm (remove ghost)”**, the comment becomes visible to everyone.  

**Example:**  
John is a trusted user. His comment posts immediately but shows a ghost icon only moderators see.  
You review and click **Confirm** → it’s now public and the ghost mark disappears.

If the user’s role is excluded in settings (for example, “Subscriber”), their comments publish **publicly right away** with **no ghost step**.

---

### ⚙️ Auto-trust threshold
- In **Settings → Ghost Comment Manager → General**, set **Auto-trust after X approvals**.  
  **Example:** set it to **3**.  
  - When any commenter reaches **3 approved comments**, the plugin automatically trusts them.  
  - Their future comments post instantly without waiting for moderation.  
- Changing this number later affects **new users only**; existing trusted users stay trusted.

---

### 🔐 Role exclusions (no ghosting)
- Choose which roles should **never** be ghosted.  
  **Example:** check **Administrator** and **Editor**.  
  - Comments by these roles will always publish normally — no ghosting, no confirmation step.  
  - This ensures your staff or editors aren’t delayed or hidden from public view.

---

### 🛡️ Shield Lite (Spam / Abuse Guard)
- Works quietly in the background to stop obvious spam before it reaches your moderation queue.  
- Uses:
  - **Honeypot field** to trap bots  
  - **Minimum submit time** (prevents instant spam posts)  
  - **Rate limits**, **link limits**, and **keyword blocklist**  
- The default settings are safe and balanced.  
  You can fine-tune them anytime to match your community’s needs.


== Step-by-step setup ==

1. Install and activate the plugin.
2. Open Ghost Comments → Settings → General:
   - Set “Auto-trust after X approvals” (0 disables auto-trust).
   - Choose any roles to exclude from ghosting.
   - Pick an icon and background color for the moderator-only ghost indicator.
3. Open Ghost Comments → Settings → Shield Lite:
   - Keep Honeypot on.
   - Set Minimum submit time (3–5 seconds is typical).
   - Set rate limits (for example 6 per minute and 60 per hour).
   - Set the maximum number of links (for example 2).
   - Add any keywords or regular expressions to block.
   - Optionally auto-close comments on posts older than X days.
   - Adjust minimum/maximum length and duplicate time window to taste.
4. Start using it:
   - In Comments → All Comments, click “Trust User” on a real commenter.
   - Their next comments auto-publish with a moderator-only ghost indicator.
   - Click Confirm to remove the indicator when you’re ready.

== Using each feature ==

Trust / Untrust from Comments
- Where: Comments → All Comments (hover a row).
- Action: click “Trust User” or “Untrust User”.
- Result: future comments from that user auto-publish (if trusted) and are ghost-flagged for moderators.

Auto-trust after X approvals
- Where: Ghost Comments → Settings → General.
- Action: set a number of approved comments required (0 disables).
- Result: users become trusted automatically when they reach the threshold.

Confirm (remove ghost)
- Where: Comments → All Comments on the trusted comment row.
- Action: click “Confirm (remove ghost)”.
- Result: the moderator-only highlight disappears; the comment remains published.

Role exclusions
- Where: Ghost Comments → Settings → General.
- Action: check roles that should not be ghosted.
- Result: users with those roles publish normally without a ghost indicator.

Ghost indicator style
- Where: Ghost Comments → Settings → General.
- Action: set icon and color.
- Result: the moderator-only highlight uses your chosen style.

Shield Lite: Honeypot
- Where: Ghost Comments → Settings → Shield Lite.
- Action: keep “Honeypot” enabled.
- Result: bots that fill the hidden field are blocked immediately.

Shield Lite: Minimum submit time
- Where: Ghost Comments → Settings → Shield Lite.
- Action: set a minimum number of seconds (0 disables).
- Result: submissions that happen too quickly are blocked.

Shield Lite: Rate limits
- Where: Ghost Comments → Settings → Shield Lite.
- Action: set per-minute and per-hour limits (0 disables).
- Result: repeated posting from the same IP is throttled.

Shield Lite: Maximum links
- Where: Ghost Comments → Settings → Shield Lite.
- Action: set the link limit (0 means no limit).
- Result: comments with too many links are blocked.

Shield Lite: Keyword / regex blocklist
- Where: Ghost Comments → Settings → Shield Lite.
- Action: enter one rule per line; plain words match case-insensitive; regular expressions in /pattern/ or /pattern/i form are supported.
- Result: comments matching a rule are blocked.

Shield Lite: Auto-close old posts
- Where: Ghost Comments → Settings → Shield Lite.
- Action: set days after which comments are closed (0 disables).
- Result: new comments are blocked on very old posts.

Shield Lite: Min / Max length and Duplicate window
- Where: Ghost Comments → Settings → Shield Lite.
- Action: set minimum and maximum characters, and a duplicate-detection window in seconds (0 disables).
- Result: very short, very long, or repeated comments are blocked.

Filters on the Comments screen
- Where: Comments → All Comments.
- Action: use the “GCM View” dropdown or the additional status links.
- Result: see either Pending (New Users) or Ghost (Trusted) items instantly.

Bulk actions: Trust / Untrust
- Where: Comments → All Comments.
- Action: select multiple comments → choose “Trust user of selected comments” or “Untrust user of selected comments” → Apply.
- Result: users associated with those comments are updated in bulk.

Trust from the User Profile
- Where: Users → All Users → Edit user.
- Action: check “Trusted Commenter” and update the profile.
- Result: that user is trusted without needing to find a specific comment.

Dashboard
- Where: Ghost Comments → Dashboard.
- Shows: trusted user total, ghost-pending count, totals for auto-trusted, ghosts marked, ghosts confirmed, and a table of Shield Lite blocks by reason.

== Compatibility, performance, privacy ==

Compatibility
- Works with WordPress 6.0 and newer, classic and block themes.
- Plays well with Akismet and Antispam Bee; if a comment is flagged as spam, it will not be ghost-marked or auto-approved by this plugin.
- Multisite: activate per site or network-wide; settings are per site.

Performance
- Lightweight by design. No front-end JavaScript for visitors. Shield Lite uses simple server checks and transients.

Privacy
- Stores minimal user meta to remember trusted status and counters for the dashboard.
- No data is sent to external services by this plugin.

== Troubleshooting ==

I trusted a user but their comment did not auto-publish
- Confirm the user is logged in with the same account you trusted.
- Check if another plugin is forcing all comments to be held for moderation.
- If Akismet flagged the comment as spam, it will not auto-publish.

Ghost highlight is not visible to moderators
- Ensure you are logged in with a role that can moderate comments.
- Confirm the comment belongs to a trusted user and has not already been confirmed.
- Check the indicator color in settings; choose a more visible color if needed.

Auto-trust threshold is set but users are not becoming trusted
- The threshold only counts approved comments after you enabled it.
- Set the threshold to a smaller number to test quickly.

Too many legitimate comments are blocked
- Lower the minimum submit time.
- Increase rate limits or set them to 0 to disable.
- Raise the maximum links or remove specific keywords/regexes from the blocklist.
- Reduce duplicate window time.

== Frequently Asked Questions ==

**Does this replace Akismet/Antispam?**
No. It complements them. If Akismet (or another antispam plugin) flags a comment as spam, this plugin does not ghost-mark or approve it.

**What’s the difference between “Approve” and “Trust”?**
- **Approve** = one comment.
- **Trust** = the user (all future comments auto-publish with a temporary ghost flag until confirmed).

**Do visitors see the ghost flag/marker?**
No. Only logged-in users with moderation rights see it.

**Does it work with guests (unregistered commenters)?**
Trust is per **WordPress user account**, so guests are not auto-trusted. They can still comment—Shield Lite still protects you.

**Will changing the auto-trust threshold affect existing trusted users?**
No. It only affects users going forward.

**Can I exclude roles from ghosting?**
Yes. In **Settings → General**, you can exclude roles so their comments publish normally with no ghost flag.

**Does it work with block themes and the Comment block?**
Yes. The ghost flag/marker wraps the comment text for moderators only; public output is untouched.

**Multisite support?**
Yes. Works per-site. Network activate if you want it available network-wide; settings remain per individual site.

**Performance impact?**
Very small. Shield Lite uses simple checks and transients (no external API calls). No front-end JS is added for visitors.

**Can I export settings?**
Not in the free version. Export and analytics features are planned for Pro.

**Privacy – what data is stored?**
- **User meta**: `_gcm_trusted` (1/0), `_gcm_approved_count` (number).
- **Comment meta**: `_gcm_ghost` (1).
- **Options**: `gcm_settings` (your settings), `gcm_metrics` (dashboard counters).
- **Transients**: rate limit counters & duplicate hash (short-lived).

No data is sent to third parties.


== Screenshots ==

1. Dashboard with trusted counts and Shield Lite blocks.
2. Comments list with Trust / Untrust actions and the GCM status column.
3. Comments screen filters for Pending (New Users) and Ghost (Trusted).
4. Settings → General with auto-trust, role exclusions, and indicator style.
5. Settings → Shield Lite with anti-spam options.
6. User Profile screen with the Trusted Commenter checkbox.

== Installation ==

1. Upload the plugin through Plugins → Add New → Upload Plugin, or search for “Ghost Comment Manager”.
2. Activate the plugin.
3. Open Ghost Comments → Settings to configure thresholds and Shield Lite.
4. Start trusting users from the Comments screen.

== Changelog ==

= 0.1.0 =
- Initial release
- Trust / Untrust workflow and auto-trust threshold
- Ghosted auto-publish with one-click Confirm
- Role exclusions and indicator customization
- Shield Lite: honeypot, minimum submit time, rate limits, link limit, keyword/regex blocklist, auto-close, min/max length, duplicate protection
- Comment-screen filters for Pending (New Users) and Ghost (Trusted)
- Bulk actions (Trust / Untrust user of selected comments)
- Trust from the User Profile screen
- Dashboard with metrics and Pro preview

== Upgrade Notice ==

= 0.1.0 =
First public release with trusted workflow, ghost confirmation, Shield Lite, filters, bulk actions, user-profile control, and a dashboard.

== Roadmap / Pro ==

Coming soon in Pro:
- Trust levels with scoring and optional expiry
- Keyword rules with scoring and spam-gate thresholds
- Team assignments and internal notes
- Analytics with CSV export
- Advanced role and post-type overrides
