Embedding Iframes in WordPress

Posted on

Embedding an iframe in a WordPress post or page allows you to include external content like videos, forms, or other pages directly within your website. While WordPress, by default, restricts the use of iframes due to security concerns, there are several ways to safely integrate them. Let’s explore each method in detail.

Using a Plugin: This is perhaps the easiest and safest method to embed iframes in WordPress. Plugins are designed to extend the functionality of your site while maintaining security protocols. Two notable plugins for embedding iframes are Advanced iFrame and iframe. The Advanced iFrame plugin provides comprehensive features that allow you to include content from other websites securely and with great flexibility, such as specifying the exact area of the remote content to display. It also includes features like lazy load, responsiveness, and modification of iframe content. The simpler iframe plugin enables you to embed content using shortcodes, which is convenient for users who want a straightforward solution without extra bells and whistles.

To use a plugin like Advanced iFrame, you would typically install it through the WordPress plugin repository. After activation, you can follow the plugin’s instructions to insert iframes. This usually involves generating a shortcode that you can place anywhere in your posts, pages, or widgets. The shortcode approach is particularly user-friendly as it abstracts away the complexities of HTML and offers customization options through shortcode attributes.

Using the Block Editor (Gutenberg): With the introduction of the Gutenberg editor, WordPress has embraced a block-based editing environment. This method involves using the Custom HTML block to add your iframe directly to a post or page. To do this, you would start by opening the post or page editor and clicking on the "+" button to add a new block. Search for the “Custom HTML” block and select it. In the block that appears, paste the iframe code you want to embed. Gutenberg will keep your iframe code intact when you publish or preview the post, as it recognizes that the HTML block can contain various types of code, including iframes.

This method is particularly useful for those who prefer a more hands-on approach and are comfortable with HTML. However, it’s important to ensure that your iframe source is secure and reliable, as embedding content from unknown or untrusted sources can pose security risks to your site.

Editing Functions.php: For users who are comfortable with coding, modifying the functions.php file of your WordPress theme can provide a more flexible solution. This method involves adding a function that allows iframes within WordPress posts by adjusting the site’s content filters. Below is an example of how you might code this function:

function add_iframe_to_wp_kses_post($tags, $context) {
    if ('post' === $context) {
        $tags['iframe'] = [
            'src'             => true,
            'height'          => true,
            'width'           => true,
            'frameborder'     => true,
            'allowfullscreen' => true,
    return $tags;
add_filter('wp_kses_allowed_html', 'add_iframe_to_wp_kses_post', 10, 2);

This code snippet tells WordPress to allow the iframe tag along with several attributes like src, height, width, frameborder, and allowfullscreen within posts. By adding this function to your functions.php file, you effectively override the default filtering mechanism that strips out iframes, thereby enabling their use in posts. It’s crucial to back up your website before making such changes, as errors in the functions.php file can lead to site-wide issues that may affect its functionality and accessibility.

Using Classic Editor: If you are still using the Classic Editor in WordPress, embedding an iframe can be done directly in the "Text" tab of the editor, now known as the "Code" editor in more recent versions. In this tab, you can write or paste HTML directly, including iframe codes. This method appeals to those who are accustomed to the traditional WordPress interface and prefer to work directly with HTML without the intervention of blocks or additional plugins.

Regardless of the method you choose, always consider the source of the content you are embedding. Embedding an iframe that loads content from insecure or unknown sources can expose your site to risks such as XSS (Cross-Site Scripting) attacks, where malicious scripts are injected into the content viewed by your users. Furthermore, issues like clickjacking, where an attacker uses a transparent iframe to trick a user into clicking on something different than what the user perceives, can also arise.

Moreover, while iframes can be a powerful tool for integrating external content, they can also affect your website’s performance and SEO negatively if not implemented correctly. For instance, iframes are often not indexed in the same way as regular content, which can impact the SEO performance of your site. Additionally, iframes can slow down your page loading times, especially if the external content is large or poorly optimized.

While embedding an iframe in a WordPress post or page is technically straightforward, it requires careful consideration of both security and performance implications. Choosing the right method for your needs—whether it’s using a plugin for simplicity and additional features, leveraging the flexibility of the Gutenberg editor, coding changes to the functions.php file for a custom solution, or sticking with the familiar Classic Editor—will ensure that you achieve the desired functionality without compromising on security or user experience.

Was this helpful?

Thanks for your feedback!