How safe / sanitized is wp_insert_posts()?

You don’t have to do anything.

On WP load:

'init' hook -> kses_init() -> kses_init_filters()

Later:

wp_insert_post() -> sanitize_post() -> sanitize_post_field() -> 'content_save_pre' -> wp_filter_post_kses()

Similarly for post titles, comment text etc.

Conclusion: wp_insert_post() is very sanitized. 🙂

Related Posts:

  1. When to use esc_html and when to use sanitize_text_field?
  2. What’s the difference between esc_* functions?
  3. is_email() VS sanitize_email()
  4. Which KSES should be used and when?
  5. How to escape custom css?
  6. Do Cookies Need to be Sanatized Before Being Saved?
  7. Is default functions like update_post_meta safe to use user inputs?
  8. vs WordPress Security
  9. How Could I sanitize the receive data from this code
  10. Is wp_kses the right approach in sanitizing this string?
  11. Is it sensible to worry about sanitizing admin input in plugin custom CSS?
  12. Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
  13. Does meta-data need to be sanitized?
  14. Do we need to escape data that we receive from theme options?
  15. How WordPress sanitizes post content on save? Or it doesn’t?
  16. how to sanitizing $_POST with the correct way?
  17. what is a auth_user_file.txt?
  18. How to view PHP on live site
  19. Is moving wp-config outside the web root really beneficial?
  20. Hide the fact a site is using WordPress?
  21. Verifying that I have fully removed a WordPress hack?
  22. Best way to eliminate xmlrpc.php?
  23. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  24. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  25. Should I remove install.php and install-helper.php?
  26. Are Nonces Useless?
  27. What is the difference between esc_html filter vs attribute_escape filter?
  28. How do I technically prove that WordPress is secure?
  29. WordPress it’s cleaning a custom query_var to avoid sql injections?
  30. How do WordPress Nonces Work?
  31. Tips for finding SPAM links injected into the_content
  32. Is WordPress vulnerable to the httpoxy?
  33. How can I easily verify a core or plugin update has not broken anything?
  34. Vanilla WordPress install, what can/should I put in disable_functions?
  35. wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
  36. Secure my “add_settings_field” translation?
  37. Is there a security risk giving someone temporary access to my blog’s code?
  38. How to properly sanitize/secure a WP Query coming from the front end
  39. WordPress Logout Only If User Click Logout or If User Delete Browser History
  40. How brute-forcer knows that the password is cracked for target username?
  41. wp_insert_post disable HTML filter
  42. Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
  43. Completely remove the author url
  44. Restricting access to content
  45. About WordPress site security
  46. Relative security of different releases of WordPress
  47. Where to store OAuth 2.0 client id and secret?
  48. How can I safely use $_SERVER[‘REQUEST_URI’] to avoid XSS?
  49. Using HTACCESS for Secret Access
  50. Definitive wordpress directory ownership and permissions on linux
  51. Changing Table Prefixes – once done, am I good to go going forward?
  52. wordpress website host price and security [closed]
  53. What is the safe way to print tracking code / pixel code before tag or tag
  54. Are there security risks in working directly in the themes folder that builds into a theme folder?
  55. Changing the default header name
  56. how much information can we hide when using wordpress cms?
  57. Is it safe to use a global wp nonce per user instead of a nonce per action?
  58. What’s the proper way to sanitize checkbox value sent to the database
  59. Basic password protection without using users and roles
  60. System setting changed by system user
  61. Will there be security updates for WordPress 4.9.9
  62. Any known bugs that could cause disappearance of the wp_users table?
  63. 404/500 error on content images if Referer header is from another domain [closed]
  64. Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
  65. Restrict Access without Creating Users
  66. Switching between security plugins is a risk?
  67. How to obfuscate wp-config.php or code
  68. Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
  69. How to prevent to direct access of my custom plugin folder/files
  70. Checking for origin of a xmlrpc request
  71. RESTRICT EDIT of PHP files?
  72. wp-content – permissions for files/folders created by apache
  73. How can I restrict access to specific parts of a page, not just the page itself?
  74. User generated content and security
  75. Are major WordPress updates mandatory for security?
  76. i moved wp-config.php outside of public html and this broke my website
  77. Monitor wordpress all external calls
  78. Is it safe to use the basic administration with reduced rights for private member space
  79. Securing WordPress running on Azure platform
  80. Verifying that I have fully removed a WordPress hack?
  81. Spam Registrations
  82. How can I have more confidence that WP plugins aren’t getting and storing user data?
  83. Standard Method for Securing a WordPress Site
  84. wordpress security (only one part of the site)
  85. Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
  86. Any way to disable /wp-login.php redirecting to the site folder?
  87. Could a user account with a stolen password compromised entire WP site?
  88. Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
  89. Secure a WordPress website in 2019: one plugin or a combinations of them?
  90. What are the different types of firewall protections available for a WordPress website?
  91. Is this a WordPress security bug?
  92. Competitor is somehow accessing MetaData on a hidden WordPress site
  93. WordPress Hacks/Defacing [closed]
  94. Directory to store secure file
  95. How can I give someone server access to only duplicate and modify a site?
  96. WP-JSON: Cross Origin Resource Sharing Vulnerability?
  97. How can I implement ansible with per-host passwords, securely?
  98. Why should I firewall servers?
  99. Does drilling a hole into a hard drive suffice to make its data unrecoverable?
  100. Can you alter the default wordpress strong password requirements?

Leave a Comment