Advanced Custom Fields ACF Front End Posting XSS Security using wp_kses

By North Street, A Creative Studio

If you ever find yourself using ACF Front-end posting, be SURE to add in this snippet to functions.php, to protect the site from possible XSS attacks:

/* Making sure any front-end ACF fields aren't vunderable to attacks. */
function ns_kses_post( $value ) {

	// is array
	if( is_array($value) ) {

		return array_map('ns_kses_post', $value);


	// return
	return wp_kses_post( $value );


add_filter('acf/update_value', 'ns_kses_post', 10, 1);
About north street

We engineer the thoughtful transformation of great organizations. Our proven process helps us understand what your competitors are doing right — and wrong. Want to learn more? Let’s chat.

More Notes

A bowler hat with radio waves behind it

From Layoff to Leadership: Tom Conlon’s Journey to a Prosperous Business

Welcome to Your 2024 Branding Pep Talk

A bowler hat with radio waves behind it

CEO Tom Conlon talks shop on Podcast Marketing Secrets