Advanced Custom Fields

• Hugely popular free & paid plugin
• Provides UI for custom fields
• Used on 40% of Anchor Hosting customers
• Active development by WP Engine team

What happens if I ignore the warning?

Most likely everything will be fine. Worse case parts of your front-end where ACF is used might break.

So what really is changing?

In ACF 6.2.7, expected later this month, functions the_field() and the_sub_field() with strip unsafe HTML.

Similar to the WordPress editor, tags like <script> tags, or <iframe> will be stripped from being displayed.

Many warnings are safe

For example & will become &

If you do need to support <script> or <iframe> from ACF fields then

Change the_field() to echo get_field() or the_sub_field() to echo get_sub_field()

Work with ACF security not against

• Do not blindly turn off security by changing all the_field() references
• Try out new behavior early and fix just what's needed with the following filter

add_filter( 'acf/the_field/escape_html_optin', '__return_true' );

Will this affect my WordPress website?

Probably not

Google defines bulk senders as anyone who send more than 5,000 messages to Gmail addresses in one day Read Google Blog post here

Who does it affect?

Services like Mailchimp, Constant Contact and ActiveCampaign

The solution requires new DNS records

Mailchimp required DNS records

CNAME Record

Name k2._domainkey Value dkim2.mcsv.net

CNAME Record

Name k3._domainkey Value dkim3.mcsv.net

TXT record

Name _dmarc Value v=DMARC1; p=none;

Constant Contact required DNS records

CNAME Record

Name ctct1._domainkey Value 100._domainkey.dkim1.ccsend.com

CNAME Record

Name ctct2._domainkey Value 200._domainkey.dkim2.ccsend.com

TXT record

Name _dmarc Value v=DMARC1; p=none;

Never hurts to be proactive

• Do I have an SPF record?
• Do I have a DMARC record?
• Do I have a DKIM enabled?