Malicious comments can be posted on a website to harm it. Hackers post positive-sounding comments containing malicious code that gets saved to the database. When the comments are approved, the code executes and can cause issues like errors, plugins being removed, or posts/categories disappearing. To protect the site, comments should be manually approved, users should register before commenting, a CAPTCHA plugin should be installed, and untrusted users should not be given admin privileges.

2. Well this is something which not many
people are knowing about.
Malicious COMMENTS attack: you should
be knowing that whatever comments
users make in our website gets saved in
the database, from where it can be
operated via a simple mySql query. So
what the hackers and spammers do is,
they post comments in your website
which look really really real, like:

3. ” Hey nice website I have now
bookmarked your website, you really
write awesome, I will be waiting for more
articles”
or
“I havent seen such a nicely written
blog, great man, keep it up”or something
or otherthing like that, and whenever u
approve the comment, it starts its
operation. which can cause some of the
following issues:

4.  internal errors automatic plugins remove sitemap
disapperas posts or categories diappears
you cannot login your admin etc etc.
 How to protect?
well there are few precautions which u can take
and you need not to worry about this thing:
comments should be approved disable the auto
approval function users should be registered to
comment, this u can find in general settings
install captcha plugin by bestwebsoft.com its name
is just “CAPTCHA”never make someone an
author, or admin of ur website.never approve
untrusted users this thing might help you..