WordPress, by default, allows uploading only a few popular file types per category. That of course has a very good reason, security. However, there are some use cases where you need to upload a file type which isn’t listed in the WordPress allowed file type list – like a SVG image – for using in frontend design. Luckily, you can programmatically allow additional file type to WordPress allowed file type list.
Here is the list of file types WordPress allow by default.
That list surely covers every file type for daily needs, but not enough for high end sites which requires uploading of additional file types. Here are the two options to add custom file types in WordPress allowed list.
Using the upload_mimes
Filter
This is the most secured and the WordPress way to allow additional file type to WordPress allowed list. You can even choose to remove any file type from the default list. Any file uploaded through WordPress Media Uploader goes through the upload_mimes
filer for checking and sanitizing. Just hook into that and you are good to go. Here is the sample code that enables uploading on .svg and .webp images and removes .3gp and .3g2 videos (who uses these, anyway?) from default list.
function pn_filter_mime_types( $mime_types ) { //Add Additional Custom File Types $mime_types['svg'] = 'image/svg+xml'; // Adding .svg file type extension $mime_types['webp'] = 'image/webp'; // Adding .json file type extension //Remove Default File Types unset( $mime_types['3gp'] ); // Remove .3gp file type extension unset( $mime_types['3g2'] ); // Remove .3g2 file type extension //Return Filtered Mime Types return $mime_types; } add_action( 'upload_mimes', 'pn_filter_mime_types' );
The code goes to your theme’s functions.php
file, or any plugin file if you want to implement it on a plugin.
Allowing Unfiltered Uploads
This method lowers your WordPress security and I DO NOT recommend using it unless you absolutely have to. Also, this method is limited only to Administrator level users and doesn’t have any impact on Authors or Editors.
If you want to upload almost any file using WordPress Media Library, then this is the quickest and easiest option. All you need to do is add the following line of code in your wp-config.php
file located in the root directory of WordPress installation.
define( 'ALLOW_UNFILTERED_UPLOADS', true );
This code, defining the ALLOW_UNFILTERED_UPLOADS
to true (which is false by default), bypasses the default upload permissions and file type checking for Administrates. Anyone (read Hacker) having admin access can upload malicious files and take full control of your WordPress site.
There you have it. You can now use webp images to load your site faster or use svg files for a crisp icon in all screen sizes. Tell me, which file types you want to be added/removed from default allowed file types? Do let me know in comments.
1 Comment
John P
Thanks for the
webp
example.Join PixelNet Community
Join our mailing list and get exiting WordPress resources and offers directly in your Inbox.No SPAM Promise
SUBSCRIBE NOW