Advanced Custom Fields ACF Front End Posting XSS Security using wp_kses

By North Street, A Creative Studio

If you ever find yourself using ACF Front-end posting, be SURE to add in this snippet to functions.php, to protect the site from possible XSS attacks:

/* Making sure any front-end ACF fields aren't vunderable to attacks. */
function ns_kses_post( $value ) {

	// is array
	if( is_array($value) ) {

		return array_map('ns_kses_post', $value);


	// return
	return wp_kses_post( $value );


add_filter('acf/update_value', 'ns_kses_post', 10, 1);
About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

Photo of Tom Conlon

CEO Tom Conlon in Conversation with Chris White

Designing for Interaction: How Animated Prototypes Revolutionize Website Development

man with arms folded in front of blue city background

Team Spotlight: Cristian Sánchez, Lead Developer