HTML Entities in WordPress: Why They Appear

WordPress developers and content managers encounter HTML entities in a few specific situations — entity codes showing up as literal text in places they should not, or needing to understand why & appears where & should be. The cause is usually WordPress's encoding layer, and knowing where it applies (and where it does not) makes the fix clear.

How WordPress Stores and Outputs HTML Entities

WordPress stores post content in the wp_posts database table. The post_content column stores content that has already been processed through WordPress's encoding functions. Special characters and quotes in titles and excerpts are encoded as entities to prevent database injection issues and ensure safe storage.

When WordPress outputs content through template functions like the_title(), the_excerpt(), and the_content(), the encoding is decoded back to the actual characters for display. In the normal theme/template flow, you never see the raw entities.

Where entities become visible as literal text:

• Direct database queries that bypass WordPress's template functions
• CSV or SQL exports from the database
• REST API responses for certain fields (title.rendered vs title.raw)
• Third-party plugins that pull content without running it through wp_kses() or the appropriate decoding functions
• Email notifications that copy content without decoding

Common WordPress HTML Entity Problems

& showing in post titles
This appears when a plugin or theme displays the post title using get_the_title() or reads directly from the database rather than the_title(). the_title() decodes entities; get_the_title() returns the encoded version. Fix: use the_title() in your template, or wrap get_the_title() with wp_specialchars_decode(get_the_title(), ENT_QUOTES).

Encoded characters in RSS feeds
WordPress RSS feeds encode content correctly for XML. If your feed reader shows raw entities, it may be a reader rendering issue rather than a WordPress bug.

Encoded content after import
Importing content via CSV or XML sometimes double-encodes entities. The content was encoded once in the source, then encoded again by the import process. Decode the source content before importing, or use the browser decoder to clean it afterward.

Encoded characters in emails
WordPress notification emails (new comment, password reset) sometimes show entity codes when the email client does not render the HTML. These are HTML emails — if your client is showing plain text, entities show literally.

Sell Custom Apparel — We Handle Printing & Free Shipping

WordPress Functions for Decoding HTML Entities

If you are working in PHP templates or plugins, these WordPress functions handle entity decoding:

• wp_specialchars_decode($string) — Converts & < > " back to their characters. The WordPress equivalent of PHP's html_entity_decode().
• esc_html() — Encodes for HTML output (the reverse direction — use for outputting user data safely).
• the_title() vs get_the_title() — the_title() echoes a decoded title. get_the_title() returns the encoded raw value. Use the_title() in templates.
• the_content() — Applies all content filters including entity decoding. Always use this to output post content, not a raw database query result.

The general pattern: always use WordPress's template tags rather than direct database access. The template tags handle encoding/decoding correctly as part of their design.

Quick Fix: Decoding Entity-Polluted WordPress Content

If you have exported WordPress content (CSV, XML, or a database dump) and it is full of entity codes, the browser decoder tool is the fastest fix for one-off cleanup:

1. Copy the entity-polluted text from your export
2. Paste into the HTML entity decoder
3. Click Decode
4. Copy the clean output

For bulk cleanup of a full export file, a short PHP or Python script is more practical than doing it piece by piece. PHP: html_entity_decode($content, ENT_QUOTES | ENT_HTML5, 'UTF-8') applied to each field. Python: html.unescape(content).

For database cleanup (changing the stored values directly): be very cautious. WordPress expects its encoding conventions in the database. Decoding at the storage level can break things if WordPress re-encodes on save. Better to decode at the output layer rather than in the database.

Frequently Asked Questions

Why is WordPress showing & instead of & in my post title?

The post title is being output without decoding. Use the_title() in your template instead of get_the_title(), or wrap the latter with wp_specialchars_decode().

How do I decode HTML entities from a WordPress database export?

For one-off text: paste into the HTML entity decoder and decode. For bulk: use PHP html_entity_decode() or Python html.unescape() on the exported content before reimporting.

Does WordPress automatically encode HTML entities in content?

Yes, for titles and excerpts. Post body content is stored largely as-is but certain characters get encoded. Template functions like the_title() and the_content() decode the content on output.

Is it safe to decode HTML entities directly in the WordPress database?

Generally no — WordPress relies on its encoding conventions. Decode at the output layer (template functions) rather than modifying database values directly.