Writing & Editing

Code

Most sites on WordPress.com use a shared environment, meaning that they all run the same software. This is great because it allows us to update millions of sites at the same time. It means we can fix bugs or offer new features very quickly, which is a win for you as users.

Running multiple sites on the same software can also be dangerous. If we aren’t careful, one site can be used to take down the entirety of WordPress.com. This is why we limit some of the things you post on your site. If you write some code or copy-and-paste from another site, and then it disappears after publishing the post, the code is likely being stripped out as a security precaution. If you feel it’s being stripped out improperly, or if you would like to suggest additional types of code we should allow, please contact support.

If you would like to add any code that you want, the WordPress.com Business Plan now offers that option. Click here for more information on adding code on the Business Plan.

HTML Tags

WordPress.com allows the following HTML code in your posts, pages, and widgets:

address, a, abbr, acronym, area, article, aside, b, big, blockquote, br, caption, cite, class, code, col, del, details, dd, div, dl, dt, em, figure, figcaption, footer, font, h1, h2, h3, h4, h5, h6, header, hgroup, hr, i, img, ins, kbd, li, map, mark, ol, p, pre, q, rp, rt, rtc, ruby, s, section, small, span, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var

Check out W3 Schools for more information about what each of these HTML codes are used for.

If you are familiar with HTML, you’ll notice that codes such as embed, frame, iframe, form, input, object, textarea and others are missing from the above list. Those codes are not allowed on the Premium Plan and below for security reasons.

↑ Table of Contents ↑

JavaScript

Users on the Premium Plan and below are also not allowed to post JavaScript. JavaScript can be used for malicious purposes. As an example, JavaScript has taken sites such as MySpace.com and LiveJournal offline in the past. The security of all WordPress.com sites is a top priority for us, and until we can guarantee scripting languages will not be harmful, they will not be permitted.

JavaScript from trusted partners, such as YouTube and Google Video, is converted into a WordPress shortcode when a post is saved.

↑ Table of Contents ↑

Flash and Other Embeds

Flash and other types of embed that use; frame, iframe, form, input, object, textarea are not allowed in WordPress.com posts, pages, or text widgets on the Premium Plan and below.

For security reasons, we remove the tags needed for these to work. Your intentions may be innocent, but someone somewhere might try to use such embeds to damage the site, affecting all of our users.

There are several safe ways to post Videos, Audio, and other items to your WordPress.com site. In addition, the Embedding content page lists the various types of embeds that are allowed.

↑ Table of Contents ↑

Posting Source Code

See our Posting Source Code article for details on how to easily post source code on your blog.

↑ Table of Contents ↑

Business Plan

The code limitations mentioned above apply only to the Free, Personal, and Premium Plans. On the Business Plan, you have the option to install third-party plugins and themes. Custom plugins and themes are often vulnerable to malicious attacks, so when you choose to install them, we separate your site from the shared WordPress.com environment. We also make substantial infrastructure changes behind the scenes to help keep your site secure.

Because of these changes, once you install a custom plugin or theme on the Business Plan, you are free to add any code that you want anywhere on your site — JavaScript, Flash, everything is fair game!

At the same time, please be extra-careful when adding custom code. Your site is separated from the shared environment, so it can’t be exploited to attack all of WordPress.com, but may itself still be vulnerable. As such, we recommend that you only add code that comes from a reputable source. If you are ever in doubt, err on the side of caution.

Still confused?

Contact support.

Not quite what you're looking for?

Get Help