WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.
Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.
The main features include:
- Robust real filetype detection;
- Full MIME alias mapping;
- SVG sanitization (if SVG uploads have been independently allowed);
- File upload validation debugger;
- Fixes issues related to #40175 that have been present since WordPress 4.7.1.
- Fixes ambiguous media extensions #40921
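
The difference between name-based and content-based validation described above, as an added example; this is not code from the Lord of the Files plugin. The function name, the allow-list and the sample files are assumptions made for illustration, and type detection uses PHP's standard `finfo` extension.

```php
<?php
// Added illustration only; not the plugin's implementation.
// Hypothetical allow-list: extension => MIME types (aliases included) accepted for it.
const EXAMPLE_ALLOWED = [
    'jpg'  => ['image/jpeg', 'image/pjpeg'],
    'jpeg' => ['image/jpeg', 'image/pjpeg'],
    'png'  => ['image/png', 'image/x-png'],
];

/**
 * Return true only when the MIME type detected from the file's bytes
 * is one of the types accepted for the extension in its claimed name.
 */
function example_content_matches_name(string $path, string $claimed_name): bool
{
    $ext = strtolower(pathinfo($claimed_name, PATHINFO_EXTENSION));
    if (!isset(EXAMPLE_ALLOWED[$ext])) {
        return false; // Unknown or missing extension: reject.
    }

    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($detected === false) {
        return false; // Detection failed: reject rather than trust the name.
    }

    return in_array(strtolower($detected), EXAMPLE_ALLOWED[$ext], true);
}

// Constructed sample uploads (claimed name => bytes).
$samples = [
    // PNG signature plus IHDR header only; enough for type detection.
    'image.png' => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
        . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00",
    // Script source hiding behind an image extension.
    'photo.jpg' => "<?php echo 'not an image';\n",
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ok = example_content_matches_name($tmp, $name);
    printf("%-10s %s\n", $name, $ok ? 'accepted' : 'rejected');
    unlink($tmp);
}
```

A check based on the extension alone would pass both samples; comparing the detected type against the types accepted for the claimed extension is what separates them.
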
Nothing fancy! You can use the built-in installer on the Plugins page or extract and upload the `blob-mimes` folder to your plugins directory via FTP.
To install this plugin as Must-Use, download, extract, and upload the `blob-mimes` folder to your `mu-plugins` directory and follow the third example listed under Caveats; the main file for this plugin is `blob-mimes/index.php`.
Please note: MU Plugins are removed from the usual update-checking process, so you will need to handle all future updates manually.