wp_kses_post()WP 2.9.0

Sanitizes the passed string (content), leaving in it only allowed post content HTML tags for the current user.

This function is a wrapper for such code:

wp_kses( $data, 'post' );

This function can be used to sanitize raw user input data passed in $_POST:

$some_array = array_map( 'wp_kses_post', $_POST['some_array'] );

This function expects unslashed string (data)! It means that before using it you need to remove all slashes, see wp_unslash(), that WP automatically adds to any global data, for example $_POST, see wp_magic_quotes().

Uses: wp_kses()
1 time — 0.000492 sec (fast) | 50000 times — 10.07 sec (slow) | PHP 7.1.5, WP 4.8

No Hooks.


String. Filtered post content with allowed HTML tags and attributes intact.


wp_kses_post( $data );
$data(string) (required)
Post content to filter.



#1 Sanitize the string

Function demonstration: clears string $str of unwanted HTML tags.

$str = $_POST['text'];
$str = wp_kses_post( $str );

// now $str can be safely written to the database or displayed

#2 More examples

See examples of wp_kses().


Since 2.9.0 Introduced.

Code of wp_kses_post() WP 5.9.3

function wp_kses_post( $data ) {
	return wp_kses( $data, 'post' );