Documentation, Reference Materials and Tutorials for WPForms
Want to accept file uploads, such as Photoshop files, with a form? We’ve made it easy for users to upload all sorts of file types with WPForms.
You may have noticed that by default, WordPress only allows for certain types of files for security reasons. Common file formats include:
- Images like .png, .gif, .jpg
- Documents such as .doc, .xls, .ppt, .pdf
- Audio like .wav, .mp3, .mp4
- Video like .mpg, .mov, .wmv
To accept additional file formats, you’ll need to install a plugin.
WP Extra File Types is a free WordPress plugin that allows you to add file types to the default list of file extensions supported by the Media Library upload.
Please note that some of the below file types do have the potential be misused. That’s why we don’t enable them by default.
- Images such as .svg, .bmp
- Documents like .psd, .ai, .pages
- Code files such as .css, .js, .json
- Video like .flv, .f4l, .qt
How to Support More File Upload Types
You’ll also need to have a form created that allows for file uploads.
Then you can go through and enable any extra formats you expect your users to need.
To do that, go to Settings » Extra File Types. Select the extra file types you’d like to allow users to upload and save.
Securing WordPress File Uploads
It may be convenient to allow users to upload all sorts of file formats, but it isn’t very secure. Allowing any kind of file upload leaves the door wide open for hackers to access other files on your web hosting server. For that reason, WordPress limits the file upload types to common file types that are the most secure.
You can keep your site more secure while allowing for specific upload types by following these tips:
- Require users to be registered and logged in to submit your form
- Limit the additional file upload types to only those that you really need.
- Limit the file upload size from Fields » File Upload » Max File Size
Get more security tips in our free ultimate guide to WordPress security.
That’s it! Users can now upload many file types using your file upload form.