You could consider reviewing how others do it. There's a reason why fewer and fewer people want to host their comments and outsource that instead. Comment = write access to your site. You don't want that. There are multi-million-dollar spam farms dedicating hundreds of developers to finding ways to spam and abuse comments.
Every single WP, Drupal and Joomla website that I know that was not properly maintained or hosted with a major provider (such as WP@WP themselves) got hacked at some point.
Right - but I really do want comments. This site and many, many others have write access and manage. If a self-hosted solution ever caused me issues on account of spam etc., I'd review the situation.
With outsourcing comments, someone else handles (some of) the back-end, facilitating the appearance of comments on your site but limiting your own back-end exposure.