Per this Trac ticket, WP intentionally disallows adding the ‘unfiltered_html’ capability to any non-Super Admin users on the WordPress multisite network. This is due to potential security vulnerabilities that could result from doing to. As that ticket points out:

Any user could add Javascript code to steal the login cookies of any visitor who runs a blog on the same site. The rogue user can then impersonate any of those users and wreak havoc.

If you just want those users to be able to insert things like YouTube video iframes, you could instead use WP’s built-in embed shortcode to embed that content instead.

If that’s not enough, and you need to extend the ‘unfiltered_html’ capability to non-Super Admins, the code below can be used to do that. Just be sure that you trust those users 100% – with great power comes great responsibility.

Just change ‘editor’ on line 13 with whichever user role you need to add the unfiltered_html capability to.

Props to Justin Tadlock for the code he posted on this thread.

You may also want to check out this plugin by Automattic that gives both Administrators and Editors the unfiltered_html capability on multisite installs:


  1. Nukium February 2, 2017 at 9:23 am


    I’ve been looking for this for ages, you’re a hero.

  2. Anton Chizhikov February 22, 2017 at 8:55 am


    Where shouljd I add the code , Kellen?

    • Kellen Mace March 24, 2017 at 9:28 am


      You could create a new plugin with that code inside of it, or put that code inside of the theme’s functions.php file. Putting it inside of a plugin would be the preferred way to include it, since that way you would be able to change your theme without that capability being lost (which WOULD happen if you put it in the theme’s functions.php). Either way would work, though.

  3. Thomas May 9, 2017 at 4:57 am



    I run a WP multisite network and I am interested by this feature (allowing to site admins to use unfiltered html). However, I can’t thrust the site admins.

    My network used domain mapping and every site has a different domain (I don’t use subdomain). For this reason, I don’t think that user could “steal” cookies or do anything else that could harm the network. And then, this feature wouldn’t add a security issue. Is-that correct?

    Thank you!

  4. Barbro August 26, 2017 at 3:30 pm


    Thank you, this was soooo useful !!
    Now our admins and editors can update pages without the code being messed up …!

  5. docker November 7, 2017 at 4:48 am


    Awesome! Thank you! After I’ve ried a lot of alternatives this one finally works.

  6. Jon Childs August 30, 2018 at 6:16 pm


    I run a multisite network and this didn’t work for me. Has something changed in newer versions of WP? Thank you for any insight!

    • André Vieira January 24, 2019 at 12:41 pm


      I found that code snippet from Unfiltered MU plugin. It seems to be working.

      // Add the unfiltered_html capability back in to WordPress 3.0 multisite.
      function um_unfilter_multisite( $caps, $cap, $user_id, $args ) {
      if ( $cap == ‘unfiltered_html’ ) {
      unset( $caps );
      $caps[] = $cap;
      return $caps;
      add_filter( ‘map_meta_cap’, ‘um_unfilter_multisite’, 10, 4 );

Leave a reply

Your email address will not be published. Required fields are marked *