disable tags on wordpress text editor

WordPress already disallows the use of JavaScript in the editor for users without the unfiltered_html capability. By default, only the Administrator and Editor roles have this capability. If necessary, you could remove this capability from Editor users as well. (It doesn’t make sense to remove it from Administrators, because they will still have the ability to install plugins, and thus execute whatever kind of code they want to.)

This code should do that for you:

function wpse_285333_remove_unfiltered_html_cap() {
    $wp_roles = wp_roles();
    $wp_roles->remove_cap( 'editor', 'unfiltered_html' );
}

// This function actually only needs to run once, so you can comment this out
// after loading the site once.
add_action( 'init', 'wpse_285333_remove_unfiltered_html_cap', 5 );

There are also plugins available to help with managing roles and capabilities.

Related Posts:

  1. Custom wp.editor.initialize settings ignored
  2. SecurityError: Blocked a frame with origin from accessing a cross-origin frame
  3. Remove inline linking tool
  4. How to wrap the content of the main tinyMCE editor with extra tags
  5. Add Item to Custom TinyMCE Menu
  6. How to get value of selected page template in Gutenberg editor?
  7. Strange gibberish JavaScript in Editor – site hacked?
  8. Close TinyMCE plugin window on click away
  9. Trouble adding JavaScript in visual editor (Sharpspring embed code)
  10. How can I get the standard WP-Editor through Javascript?
  11. Make TinyMCE checkbox that returns a value instead of true/false
  12. wp.editor.initialize does nothing
  13. Button insert link on front wp_editor not working
  14. JavaScript && operator in visual editor
  15. Authentication with the Rest API when using an External Application
  16. Media library not working with wp_editor() on the front end
  17. Popup box when Clicking on Insert into post button in wordpress
  18. wordpress 4.4 upgrade visual editor bullets select for not selected elements
  19. How to reference TinyMCE body in my script
  20. Change syntax styling of TinyMCE HTML Text Editor
  21. find out reason of “Updating failed” in Post-editor
  22. Should I manually resolve WP Core File security issues or await a subsequent WP release?
  23. How to stop javascript code being broken when going into visual editor
  24. How to make shortcode which returns HTML?
  25. How to use WP switchEditors.switchto(this) JS function in your own script?
  26. Cannot read properties of undefined (reading ‘show_ui’) Error on WordPress Post Editor
  27. VisualComposer/WPBakery Page Editor: Is any JS event triggered after the Edition pop-in is shown?
  28. Dynamically write in editor with Javascript
  29. &nbsp when I use ENTER for skipping line
  30. None of the JavaScript works when using wp_editor
  31. Securing Contact Form 7 [closed]
  32. Use add_action to run a script, but only on the post editor page
  33. How to securely set dynamic HTML content with JavaScript?
  34. Failed to load resource: the server responded with a status of 404 (Not Found)
  35. How to reload a page using JavaScript
  36. How can I do string interpolation in JavaScript?
  37. How do I test for an empty JavaScript object?
  38. Tallest Unicode character?
  39. How to solve ‘Redirect has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header’?
  40. jQuery setTimeout() Function [duplicate]
  41. Nested JSON objects – do I have to use arrays for everything?
  42. How to find the sum of an array of numbers
  43. JavaScript null check
  44. Remove Object from Array using JavaScript
  45. webpack: Module not found: Error: Can’t resolve (with relative path)
  46. HTML5 Local storage vs. Session storage
  47. What does href expression do?
  48. Give a value to an ng-model=”searchText” input based on list item clicked in Angular JS
  49. Expressjs / Node.js – res.redirect() not loading page
  50. Using async/await with a forEach loop
  51. How to check if two arrays are equal with JavaScript?
  52. What is causing the error `string.split is not a function`?
  53. Does JavaScript have a built in stringbuilder class?
  54. Pass react component as props
  55. How to fix Cannot find module ‘typescript’ in Angular 4?
  56. Origin null is not allowed by Access-Control-Allow-Origin
  57. using jQuery $(this).addClass not working, simple code not working
  58. How to get height of div in px dimension
  59. jQuery: Uncaught Error: Syntax error, unrecognized expression
  60. What is the difference between String.slice and String.substring?
  61. How to use in jQuery :not and hasClass() to get a specific element without a class
  62. Crop the image using JavaScript
  63. Only on Firefox “Loading failed for the script with source”
  64. How do you use a variable in a regular expression?
  65. How to embed a youtube playlist with a sidebar
  66. How to add a button dynamically using jquery
  67. External JavaScript Not Running, does not write to document
  68. Create a simple 10 second countdown
  69. Generate a Hash from string in Javascript
  70. Find a value in an array of objects in Javascript [duplicate]
  71. What does `node –harmony` do?
  72. How to load wp_editor via AJAX
  73. Preventing YouTube embeds loading multiple instances of player JS?
  74. How to handle malformed response from WP REST API?
  75. Use useSelect/useDispatch instead of withSelect/withDispatch
  76. Modals using loops and ACF [closed]
  77. Changes to JS not reflected on site
  78. How to set translations in javascripts for my plugin?
  79. How to make wordpress URLS google friendly for ajax driven sites?
  80. js addclass function not working as expected, intereaction or special WP somethign needed?
  81. Get a default value of the Customizer setting using wp.customize API (JS)
  82. Google PageSpeed Enable Compression isn’t working?
  83. How can I add Javascript in the header of all post pages and only post pages
  84. Is it safe use wp_editor in public contact form
  85. wp_enqueue_script not loading my custom js file
  86. How to locate a Javascript? It is there in HTML but not in any file [closed]
  87. Trigger wp-embed via JavaScript to refresh iframe preview?
  88. Malware gdjfgjfgj235f [closed]
  89. CDATA removing new line in script tag in wordpress
  90. How to run Javascript popup modal in a loop?
  91. Console Messages: A cookie associated with a cross-site resource at
  92. Is there an option to execute javascript file only on plugin deactivation
  93. Proper way of minifiying java script files in wordpress theme
  94. Hide show java script code not working in my custome post templete
  95. Enqueue concatinated JS file in WordPress
  96. Why can’t I load JS script in a plugin?
  97. Page template dynamic links based on browser size
  98. Block pattern conflict with custom block
  99. How to Update a variable even if the web page reloads in js
  100. How do i get an Inline style in Gutenberg Block show up in front end?