Do you want to allow more file types to be uploaded in your forms? Having more files formats that can be uploaded to your site can provide more convenience for you and your users. In this tutorial, we’ll show you how to add different file extensions, without compromising the security of your site.
Note: Are you looking for instructions on creating a File Upload Form? Then be sure to check out our guide to the File Upload field.
File Types Allowed By Default
By default, WordPress only allows for certain types of files for security reasons. The common file formats include:
- Images like .png, .gif, .jpg
- Documents such as .doc, .xls, .ppt, .pdf
- Audio like .wav, .mp3, .mp4
- Video like .mpg, .mov, .wmv
Please note that some of the below file types do have the potential be misused. That’s why WordPress doesn’t enable them by default.
- Images such as .svg, .bmp
- Documents like .psd, .ai, .pages
- Code files such as .css, .js, .json
- Video like .flv, .f4l, .qt
Adding More File Upload Types
To configure your site to accept additional file formats, you’ll need to install File Upload Types, a free WordPress plugin by WPForms.
For details on how to add a plugin to your site, you might want to check out WPBeginner’s guide on how to install a plugin.
Once you’ve installed the File Upload Types plugin, in your WordPress admin area go to Settings » File Upload Types. On this page you can select the extra file types you’d like users to upload.
What If a File Type Isn’t in This List?
If you’d like to include a file format that is not found in the preset list, you can include your own.
To do this, scroll down to Add Custom File Types. Then, you’ll need to specify a file format. This is done through 3 fields:
- File Description: A brief description of the file type’s purpose.
- MIME Type: The category and data type represented by the new file type.
- Extension: The extension type that will be associated with this file (e.g., .jpg, .docx, etc.).
Note: MIME is a form of file identification on the web. For more details on MIME and for a list of MIME types, you can view information on MIME on this site. To determine what MIME type a file is, you can use an online file checker like this one.
Once you’ve filled in all these details, click on the Save Settings button to apply the settings to your site.
As an example, here’s the field with the information for a YAML file type:
You can also add another custom file type by clicking on the plus button (+), or remove a file type by clicking the trash can button.
Tips for Securing WordPress File Uploads
It may be convenient to allow users to upload all sorts of file formats, but it isn’t very secure. You can keep your site more secure while allowing for specific upload types by following these tips:
- Require users to be registered and logged in to submit your form
- Limit the file upload types to only those that you really need.
- Limit the file upload size
That’s it! You can now allow users to upload additional file types using your file upload form.
Do you want to get more tips for securing your site? Then be sure to check out WPBeginnner’s free ultimate guide to WordPress security.