You don’t have to do anything.
On WP load:
'init' hook -> kses_init() -> kses_init_filters()
Later:
wp_insert_post() -> sanitize_post() -> sanitize_post_field() -> 'content_save_pre' -> wp_filter_post_kses()
Similarly for post titles, comment text etc.
Conclusion: wp_insert_post() is very sanitized. 🙂
Related Posts:
- When to use esc_html and when to use sanitize_text_field?
- What’s the difference between esc_* functions?
- is_email() VS sanitize_email()
- Which KSES should be used and when?
- How to escape custom css?
- Do Cookies Need to be Sanatized Before Being Saved?
- Is default functions like update_post_meta safe to use user inputs?
- vs WordPress Security
- How Could I sanitize the receive data from this code
- Is wp_kses the right approach in sanitizing this string?
- Is it sensible to worry about sanitizing admin input in plugin custom CSS?
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- Does meta-data need to be sanitized?
- Do we need to escape data that we receive from theme options?
- How WordPress sanitizes post content on save? Or it doesn’t?
- how to sanitizing $_POST with the correct way?
- what is a auth_user_file.txt?
- How to view PHP on live site
- Is moving wp-config outside the web root really beneficial?
- Hide the fact a site is using WordPress?
- Verifying that I have fully removed a WordPress hack?
- Best way to eliminate xmlrpc.php?
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
- Should I remove install.php and install-helper.php?
- Are Nonces Useless?
- What is the difference between esc_html filter vs attribute_escape filter?
- How do I technically prove that WordPress is secure?
- WordPress it’s cleaning a custom query_var to avoid sql injections?
- How do WordPress Nonces Work?
- Tips for finding SPAM links injected into the_content
- Is WordPress vulnerable to the httpoxy?
- How can I easily verify a core or plugin update has not broken anything?
- Vanilla WordPress install, what can/should I put in disable_functions?
- wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
- Secure my “add_settings_field” translation?
- Is there a security risk giving someone temporary access to my blog’s code?
- How to properly sanitize/secure a WP Query coming from the front end
- WordPress Logout Only If User Click Logout or If User Delete Browser History
- How brute-forcer knows that the password is cracked for target username?
- wp_insert_post disable HTML filter
- Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
- Completely remove the author url
- Restricting access to content
- About WordPress site security
- Relative security of different releases of WordPress
- Where to store OAuth 2.0 client id and secret?
- How can I safely use $_SERVER[‘REQUEST_URI’] to avoid XSS?
- Using HTACCESS for Secret Access
- Definitive wordpress directory ownership and permissions on linux
- Changing Table Prefixes – once done, am I good to go going forward?
- wordpress website host price and security [closed]
- What is the safe way to print tracking code / pixel code before tag or tag
- Are there security risks in working directly in the themes folder that builds into a theme folder?
- Changing the default header name
- how much information can we hide when using wordpress cms?
- Is it safe to use a global wp nonce per user instead of a nonce per action?
- What’s the proper way to sanitize checkbox value sent to the database
- Basic password protection without using users and roles
- System setting changed by system user
- Will there be security updates for WordPress 4.9.9
- Any known bugs that could cause disappearance of the wp_users table?
- 404/500 error on content images if Referer header is from another domain [closed]
- Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
- Restrict Access without Creating Users
- Switching between security plugins is a risk?
- How to obfuscate wp-config.php or code
- Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
- How to prevent to direct access of my custom plugin folder/files
- Checking for origin of a xmlrpc request
- RESTRICT EDIT of PHP files?
- wp-content – permissions for files/folders created by apache
- How can I restrict access to specific parts of a page, not just the page itself?
- User generated content and security
- Are major WordPress updates mandatory for security?
- i moved wp-config.php outside of public html and this broke my website
- Monitor wordpress all external calls
- Is it safe to use the basic administration with reduced rights for private member space
- Securing WordPress running on Azure platform
- Verifying that I have fully removed a WordPress hack?
- Spam Registrations
- How can I have more confidence that WP plugins aren’t getting and storing user data?
- Standard Method for Securing a WordPress Site
- wordpress security (only one part of the site)
- Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
- Any way to disable /wp-login.php redirecting to the site folder?
- Could a user account with a stolen password compromised entire WP site?
- Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
- Secure a WordPress website in 2019: one plugin or a combinations of them?
- What are the different types of firewall protections available for a WordPress website?
- Is this a WordPress security bug?
- Competitor is somehow accessing MetaData on a hidden WordPress site
- WordPress Hacks/Defacing [closed]
- Directory to store secure file
- How can I give someone server access to only duplicate and modify a site?
- WP-JSON: Cross Origin Resource Sharing Vulnerability?
- How can I implement ansible with per-host passwords, securely?
- Why should I firewall servers?
- Does drilling a hole into a hard drive suffice to make its data unrecoverable?
- Can you alter the default wordpress strong password requirements?