Skip to main content Accessibility Feedback

Allowing iFrames in sanitized WordPress content

I recently discovered that wp_kses—a function that keeps malicious code out of the database—was stripping out my YouTube and Vimeo embeds in a custom metabox I had created.

Fortunately, WordPress provides a filter you can use to add additional allowed tags.

For something like videos that are likely to end up in your content, it’s better to include this sort of thing in a plugin so that you don’t lose your content if you change themes.

So, I created one. You can grab Allow iFrames on GitHub.

🚀 Make 2018 the year you master JavaScript! My pocket guides and mini courses are short, focused, and made for beginners. You can do this!

Have any questions or comments about this post? Email me at or contact me on Twitter at @ChrisFerdinandi.

Get Daily Developer Tips