Print

WordPress Security

During the import operation, an admin has to choose how to handle HTML filtering. Here are additional details.

What is the unfiltered_html Permission in WordPress?

The unfiltered_html permission is a security feature in WordPress that prevents users from using potentially dangerous tags such as iframes and embed, and also more advanced code such as JavaScript.

This unfiltered_html permission could be very dangerous in the wrong hands. Do not give this permission to any user you do not trust. WordPress has disabled this permission for most users because they rarely need it.

If you just want those users to be able to insert content like YouTube video iframes, use WP’s built-in embed shortcode to embed that content instead.
Reference:  Add unfiltered_html Capability to Admins or Editors in WordPress Multisite

Learn more about how to enable the unfiltered_html if you decide to do so:  What is the unfiltered_html permission in WordPress?

What is the force_filtered_html_on_import filter in the WordPress?

This filter determines whether to filter imported data. Multisite uses this hook to filter all data by default, as a super administrator may be assisting an untrusted user. Other plugins or custom code can set this filter as well.

WordPress restricts the file types and MIME types that can be used. This is also checked during import when retrieving files from the source site. Learn more.

Was this article helpful?
0 out Of 5 Stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Need help?
Previous CSV File Format and Examples
Next Import Troubleshooting
Table of Contents

Recent Articles