Skip to main content Skip to secondary navigation Accessibility Feedback

Allowing iFrames in sanitized WordPress content

I recently discovered that wp_kses—a function that keeps malicious code out of the database—was stripping out my YouTube and Vimeo embeds in a custom metabox I had created.

Fortunately, WordPress provides a filter you can use to add additional allowed tags.

For something like videos that are likely to end up in your content, it’s better to include this sort of thing in a plugin so that you don’t lose your content if you change themes.

So, I created one. You can grab Allow iFrames on GitHub.

Have any questions or comments about this post? Email me at or contact me on Twitter at @ChrisFerdinandi.

Get the Spare Parts Newsletter

Every week, I send out a short email packed with web development resources and interesting stuff from around the web.