Every CMS is different. I have always removed the WP theme/comments.php code anyhow for security reasons and implemented something like "Disqus" instead for WP comments. But there are plenty of plugins to strip tags from comments and security plugins to handle XSS and comments for WordPress.
If you are a WordPress noob and need help, install the plugin iThemes Security and tick all the boxes in the setup.