The media_embedded_in_content_allowed_types WordPress PHP filter allows you to modify the list of allowed media types that can be embedded in the content.
Usage
add_filter('media_embedded_in_content_allowed_types', 'my_custom_media_types');
function my_custom_media_types($allowed_media_types) {
// your custom code here
return $allowed_media_types;
}
Parameters
$allowed_media_types(string[]): An array of allowed media types. Default media types are ‘audio’, ‘video’, ‘object’, ’embed’, and ‘iframe’.
More information
See WordPress Developer Resources: media_embedded_in_content_allowed_types
Examples
Adding an additional media type
Allow ‘picture’ media type in addition to the default media types.
add_filter('media_embedded_in_content_allowed_types', 'allow_picture_media_type');
function allow_picture_media_type($allowed_media_types) {
$allowed_media_types[] = 'picture';
return $allowed_media_types;
}
Disallowing ‘iframe’ media type
Remove ‘iframe’ from the list of allowed media types.
add_filter('media_embedded_in_content_allowed_types', 'disallow_iframe_media_type');
function disallow_iframe_media_type($allowed_media_types) {
$key = array_search('iframe', $allowed_media_types);
if ($key !== false) {
unset($allowed_media_types[$key]);
}
return $allowed_media_types;
}
Allowing only ‘audio’ and ‘video’ media types
Restrict allowed media types to only ‘audio’ and ‘video’.
add_filter('media_embedded_in_content_allowed_types', 'only_audio_video_media_types');
function only_audio_video_media_types($allowed_media_types) {
return array('audio', 'video');
}
Clearing all allowed media types
Disallow all media types from being embedded in the content.
add_filter('media_embedded_in_content_allowed_types', 'clear_all_media_types');
function clear_all_media_types($allowed_media_types) {
return array();
}
Customizing allowed media types based on user role
Allow ‘iframe’ media type only for users with the ‘administrator’ role.
add_filter('media_embedded_in_content_allowed_types', 'allow_iframe_for_admins');
function allow_iframe_for_admins($allowed_media_types) {
if (current_user_can('administrator')) {
$allowed_media_types[] = 'iframe';
}
return $allowed_media_types;
}