Do you want to allow more file types to be uploaded in your forms? Having more files formats that can be uploaded to your site can provide more convenience for you and your users. In this tutorial, we’ll show you how to add different file extensions, while not compromising the security of your site.
- File Types Allowed By Default
- How to Support More File Upload Types
- Tips for Securing WordPress File Uploads
Note: Are you looking for instructions on creating a File Upload Form? Then be sure to check out our guide to the File Upload field.
File Types Allowed By Default
By default, WordPress only allows for certain types of files for security reasons. The common file formats include:
- Images like .png, .gif, .jpg
- Documents such as .doc, .xls, .ppt, .pdf
- Audio like .wav, .mp3, .mp4
- Video like .mpg, .mov, .wmv
Please note that some of the below file types do have the potential be misused. That’s why WordPress don’t enable them by default.
- Images such as .svg, .bmp
- Documents like .psd, .ai, .pages
- Code files such as .css, .js, .json
- Video like .flv, .f4l, .qt
How to Support More File Upload Types
To configure your site to accept additional file formats, you’ll need to install WP Extra File Types, a free WordPress plugin.
For details on how to add a plugin to your site, you might want to check out WPBeginner’s guide on how to install a plugin.
Once you’ve installed the WP Extra File Types plugin, in your WordPress admin area go to Settings » Extra File Types. On this page you can select the extra file types you’d like users to upload.
What If a File Type Isn’t in This List?
If you’d like to include a file format that is not found in the preset list, you can include your own. To do this, scroll down in the plugin to go to the Add your custom file types section and click on the plus (“+”) button.
This will open up a table of fields where you’re required to specify a file format by adding information to the Description, File Extension, and MIME Type fields. You can also add or remove the custom file types by clicking on the plus (“+”) minus (“−”) buttons respectively.
As an example, here’s the field with the information for a YAML file type:
MIME, which refers to “Multipurpose Internet Mail Extensions”, is a form of file identification on the web. For more details on MIME and for a list of MIME types, you can view information on MIME on this site.
When you’re done, click on Save Changes to apply the settings to your site.
Tips for Securing WordPress File Uploads
It may be convenient to allow users to upload all sorts of file formats, but it isn’t very secure. You can keep your site more secure while allowing for specific upload types by following these tips:
- Require users to be registered and logged in to submit your form
- Limit the file upload types to only those that you really need.
- Limit the file upload size
That’s it! You can now allow users to upload additional file types using your file upload form.
Do you want to get more tips for securing your site? Then be sure to check out WPBeginnner’s free ultimate guide to WordPress security.