-
General
-
- How to Find the Latest Versions of PublishPress Plugins
- Changelogs for Free PublishPress Plugins
- Changelogs for PublishPress Authors
- Changelogs for PublishPress Blocks
- Changelogs for PublishPress Capabilities
- Changelogs for PublishPress Checklists
- Changelogs for PublishPress Future
- Changelogs for PublishPress Permissions
- Changelogs for PublishPress
- Changelogs for PublishPress Revisions
- Changelogs for PublishPress Series
-
PublishPress Authors
-
- How to Create Custom Author Layouts
- Add Data in Custom Author Layouts
- Using Conditionals in Custom Author Layouts
- Add CSS in Custom Author Layouts
- The Loop Object in PublishPress Authors
- Add External Data to PublishPress Authors
- Modify the Author Avatar
- Where are Author Layouts Stored in the Database?
- Add Social Links to Author Profiles
-
PublishPress Blocks
-
- Accordion Block
- Button Block
- Icon Block
- Image Block
- List Block
- Table Block
- Tabs Block
- Video Block
- Columns Block
- Content Display Block
- Countdown Block
- Count Up Block
- Images Slider Block
- Info Box Block
- Login & Register Block
- Map Block
- Newsletter Block
- Search Bar Block
- Social Links Block
- Table of Contents Block
- Testimonial Block
- Woo Products Block
- Feature List block
- Pricing Table block
- Core Blocks
- Contact Form Block
-
PublishPress Capabilities
-
- The Admin Menus Screen
- Control Access to WooCommerce Admin Menus
- Control Access to Contact Form 7 Admin Menus
- Control Access to Yoast SEO Admin Menus
- Control Access to Elementor Admin Menus
- Control Access to Jetpack Admin Menus
- Control Access to WPForms Admin Menus
- Control Access to The Events Calendar Admin Menus
- Control Access to Gravity Forms Admin Menus
-
PublishPress Checklists
-
- Number of characters in title
- Numbers of words in content
- Number of categories
- Number of tags or taxonomy terms
- Number of characters in excerpt
- Number of internal links in content
- Number of external links in content
- All links use a valid format
- ALT Text for all images
- Featured image
- Latin characters in permalink
- Approved by a user in this role
- Yoast SEO tasks
- WooCommerce product tasks
- Featured image height and width
-
PublishPress Future
- Introduction to PublishPress Future
- Ways to Expire Posts
- Defaults for Post Types
- PublishPress Future Email Notifications
- Shortcodes to Show Expiration Date
- Automatic Footer Display for Expiry Dates
- Scheduling in PublishPress Future: Cron Jobs
- Technical Details for PublishPress Future
- Troubleshooting in PublishPress Future
-
PublishPress
-
- Getting Started With Notifications in PublishPress
- Understanding the PublishPress Notification Options
- Get PublishPress Notifications by Email or Slack
- How to Customize PublishPress Notifications With Shortcodes
- How to Use Reminder Notifications
- Notify Me: How to Manually Add Yourself to Notifications
- The PublishPress Notifications Log
- Hooks and Filters for Notifications
- Troubleshooting Email Notifications in PublishPress
-
PublishPress Permissions
-
- Control Access to Custom Post Types
- Control Viewing Access to Specific Categories
- Allow Editing of Specific Pages
- Force Users to Create Posts in a Category or Parent Page
- Block Users from Seeing Non-Editable Posts
- Control Viewing Permissions for WordPress Content
- Control Editing Permissions for WordPress Content
- Block Access to WordPress Category and Tag Archives
- Configure Who Can See Other People's Posts
-
- Developer Information for Permission Groups
- PublishPress Permissions Database Tables and Settings
- pp_create_group()
- pp_delete_group()
- pp_get_group()
- pp_get_group_by_name()
- pp_get_metagroup
- pp_get_groups()
- pp_get_group_members()
- pp_get_groups_for_user()
- pp_add_group_user()
- pp_remove_group_user()
- pp_update_group_user()
- ppc_get_roles()
- ppc_assign_roles()
- ppc_get_exceptions()
- ppc_assign_exceptions()
-
PublishPress Revisions
-
- Does My Plugin Support PublishPress Revisions?
- A List of Some Plugins Supported by PublishPress Revisions
- PublishPress Revisions Pro and The Events Calendar
- PublishPress Revisions Pro and WooCommerce
- PublishPress Revisions Pro and Advanced Custom Fields
- PublishPress Revisions Pro and WPML
- PublishPress Revisions Pro and Custom Post Type UI
- PublishPress Revisions Pro and Yoast SEO
- PublishPress Revisions Pro and the PODS Framework
- Submit and Moderate Revisions with the Divi Theme
- Create Revisions Using an API
- PublishPress Revisions Pro and Elementor
- PublishPress Revisions Pro and Beaver Builder
-
PublishPress Series
-
How-to Guides
-
- A WordPress Editorial Workflow for Writing, Reviewing and Publishing
- A WordPress Workflow for Editing and Reviewing
- Create a Workflow for University Departments in WordPress with PublishPress
- Create a Multi-Step Workflow in WordPress
- How to Create a Publishing Workflow for Authors in WordPress
- How to Get 2 People to Approve Content in WordPress
-
- How to Allow WordPress Admin Area Access for WooCommerce Users
- How to Manage Permissions for WooCommerce Products
- Allow WooCommerce Users to Edit Only One Product
- How to Approve and Schedule Changes to WooCommerce Products
- WooCommerce Users Can Edit Products Only in Some Categories
- How Create WooCommerce Users Who Can Only View and Edit Products
- How to Create and Schedule Revisions for WooCommerce Products
- How to Control Who Can Duplicate WooCommerce Products
- Create WooCommerce Users Who Can Only View Reports
- How to Control Who Can Access WooCommerce Coupons
- How to Create WooCommerce Users Who Can Only View and Edit Orders
- How to Manage Permissions for WooCommerce Orders
- How to Control Permissions for WooCommerce Refunds
- How to Create Checklists with WooCommerce
-
-
WordPress Permissions
-
- activate_plugins
- add_users
- create_users
- delete_others_pages
- delete_others_posts
- delete_pages
- delete_posts
- delete_plugins
- delete_private_pages
- delete_private_posts
- delete_published_pages
- delete_published_posts
- delete_themes
- delete_users
- edit_dashboard
- edit_others_pages
- edit_others_posts
- edit_pages
- edit_plugins
- edit_posts
- edit_private_pages
- edit_private_posts
- edit_published_pages
- edit_published_posts
- edit_theme_options
- edit_themes
- edit_users
- erase_others_personal_data
- export
- export_others_personal_data
- import
- install_plugins
- install_themes
- list_users
- manage_categories
- manage_links
- manage_options
- manage_privacy_options
- moderate_comments
- promote_users
- read
- read_private_pages
- read_private_posts
- remove_users
- switch_themes
- unfiltered_html
- unfiltered_upload
- update_core
- update_plugins
- update_themes
- upload_files
unfiltered_html
What is the unfiltered_html permission in WordPress?
The unfiltered_html permission is a security feature in WordPress that prevents users from using tags such as <iframe> and <embed>, plus also more advanced code such as Javascript.
This unfiltered_html permission could be very dangerous in the wrong hands, so please don't give this permission to any users you do not trust. WordPress has disabled this permission for most users because they rarely need it.
I'm going to show you the unfiltered_html permission in action.
In the post below, I've created a Paragraph block. I'm using the Gutenberg editor:
In the settings for this paragraph block, I click the “Edit as HTML” option:
Now in the HTML version of the block, I enter the HTML code for an iframe:
When I try to save this post, or edit the block visually, WordPress will complain with the message: “This block contains unexpected or invalid content.” This happens because I do NOT have the unfiltered_html permission.
If you click “Resolve”, WordPress will try to convert the code to something safer. However, the code shown below in the “After Conversion” area will not work:
If you want to add code like this to WordPress, you do need the unfiltered_html permission.
Which user roles have unfiltered_html permission?
The unfiltered_html permission is available on single WordPress sites and on multisite networks.
By default, the unfiltered_html permission is only given to Super Admins, Administrators and Editors.
On WordPress multisite networks, only Super Admins have the unfiltered_html permission.
Users not in these roles are not allowed to add suspicious code to posts.
Control who has the unfiltered_html permission
If you use the PublishPress Capabilities plugin, you can enable or disable the unfiltered_html permission for each user role.
- Go to “Capabilities” in your WordPress admin area.
- In the top-right corner of the screen, load the user role that you want to customize. In this image below, I’ve chosen the “Editor” role:
In the center of the screen, you can now set the permissions. If you want to allow people in the Editor role to create posts, check the “unfiltered html” box. Click the blue “Save Changes” button to finish,
If you want to set these permissions across a multisite network, follow these instructions.