WordPress Security

Created OnDecember 3, 2021

Updated OnMarch 2, 2023

By:Dennis

0 out Of 5 Stars

5 Stars		0%
4 Stars		0%
3 Stars		0%
2 Stars		0%
1 Stars		0%

Overview

Copy the URL link to this section to share

During the import operation, an admin has to choose how to handle HTML filtering. Here are additional details.

Unfiltered HTML

Copy the URL link to this section to share

What is the unfiltered_html Permission in WordPress?

The unfiltered_html permission is a security feature in WordPress that prevents users from using potentially dangerous tags such as iframes and embed, and also more advanced code such as JavaScript.

This unfiltered_html permission could be very dangerous in the wrong hands. Do not give this permission to any user you do not trust. WordPress has disabled this permission for most users because they rarely need it.

If you just want those users to be able to insert content like YouTube video iframes, use WP’s built-in embed shortcode to embed that content instead.
Reference: Add unfiltered_html Capability to Admins or Editors in WordPress Multisite

Learn more about how to enable the unfiltered_html if you decide to do so: What is the unfiltered_html permission in WordPress?

Note that DISALLOW_UNFILTERED_HTML is a WordPress configuration constant that can be defined in the wp-config.php file to restrict the ability of users with the unfiltered_html capability to post unfiltered HTML code. By defining this constant and setting it to true, WordPress will restrict the use of the unfiltered_html capability and enforce the use of the wp_kses function to filter HTML code. When this constant is defined and set to true, users with the unfiltered_html capability will be forced to use the wp_kses function to filter their HTML code before posting it.

WordPress HTML Filter

Copy the URL link to this section to share

What is the force_filtered_html_on_import filter in the WordPress?

This filter determines whether to filter imported data. Multisite uses this hook to filter all data by default, as a super administrator may be assisting an untrusted user. Other plugins or custom code can set this filter as well.

What are WordPress Allowed Mime Types?

Copy the URL link to this section to share

WordPress restricts the file types and MIME types that can be used. This is also checked during import when retrieving files from the source site. Learn more.

Was this article helpful?

0 out Of 5 Stars

5 Stars		0%
4 Stars		0%
3 Stars		0%
2 Stars		0%
1 Stars		0%

Tags:

Echo Knowledge Base

Getting Started

Main Page

Features

Layouts

How To

Advanced

Article Pages

Article Features

Advanced

Category Archive Pages

Additional Features

AI Assistance

Widgets and Shortcodes

Import, Export, and Migrate Articles

FAQs

How To Videos

Other Topics

Scroll Down Arrow Plugin

Elementor

WordPress Themes

My Account

Learn More

Troubleshooting

Add-ons

Elegant Layouts

Multiple Knowledge Bases

Advanced Search

Advanced

KB Widgets

Widgets

Shortcodes

How to

Articles Import and Export

Other Topics

Article Rating and Feedback

Custom Links

Access Manager

Overview

Getting Started

Reference

Maintaining Access Integrity

WordPress Security

0 out Of 5 Stars

Overview

Unfiltered HTML

WordPress HTML Filter​

What are WordPress Allowed Mime Types?

0 out Of 5 Stars

How can we improve this article?

Please submit the reason for your vote so that we can improve the article.

WordPress HTML Filter