With the Disqus update a few months ago, some users pointed out the commenting service’s Discovery feature. The Discovery feature shows links to other sites’ content at the bottom of your posts.
When I checked to see if the feature was active on my site when the Discovery feature was released, it did not appear active, so I left Disqus alone.
So cue surprise when I was reading comments on one of my posts and I saw an outbound link to another site placed below the comments section.
Disqus should not be putting what is equivalent to advertising on our sites without first getting explicit consent from the owner.
They should show a message to the admin the next time the admin logs into Disqus asking if the admin would like the Discovery feature enabled on their site.
So all default installations and updates of Disqus have Discovery settings set to Increased Traffic as shown below when managing Disqus in Admin > Settings > Discovery.
Get rid of Disqus Discovery recommendations by selecting the Just Comments radio button and saving your changes.
Disqus is still one of the best commenting platforms available due to its ease of installation and configuration and its numerous features, which make commenting on a website seamless for users.
Besides Disqus freeloading activity off of sites whose admins haven’t configured Discovery yet (site owners may input a PayPal email for payment for referrals), this shows how Disqus can make radical changes to their commenting platform without updating the Disqus WordPress plugin.
This ability to make changes to what is displayed on bloggers’ posts without site owner intervention raises security concerns about the effect of Disqus’ backend being compromised. In the unlikely event that something did happen, an attacker could mount XSS and a wide range of other attacks by attaching a malicious payload to the 1.8 million websites that Disqus is used on.