How to enable safe SVG uploads in WordPress

WordPress supports the upload of the following image file types:

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

By default, WordPress still doesn't support SVG uploads. Because SVG files are XML documents, they can introduce several security issues: SVGs are vulnerable to XXE attacks, nested-entity bombs and XSS attacks. Although there are ways around the upload restriction, it is important to keep the safety of your website in mind when using them.

The easiest way for a user to allow SVG uploads to the WordPress Media Library would be to enable the MIME file type. Still, this would be the wrong way to do it, mainly because SVGs need to be sanitized before the upload. For this purpose, we recommend the Safe SVG plugin, which uses the SVG Sanitizer library. Another good practice is to restrict upload rights in WordPress to a limited group of users who will dutifully maintain this part of the job.
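The two controls described above, as an added example that is not taken from the Safe SVG plugin: the SVG MIME type is registered only for administrators, and every SVG is sanitized before WordPress stores it. It assumes the SVG Sanitizer library is the Composer package enshrined/svg-sanitize, installed in a vendor directory beside this file; the capability chosen (manage_options) and the error text are also assumptions.

```php
<?php
/**
 * Plugin Name: Restricted, sanitized SVG uploads (added example)
 */

// Assumption: enshrined/svg-sanitize was installed with Composer next to this file.
require_once __DIR__ . '/vendor/autoload.php';

use enshrined\svgSanitize\Sanitizer;

// Register the SVG MIME type only for users holding an administrator-level capability.
add_filter( 'upload_mimes', function ( $mimes ) {
    if ( current_user_can( 'manage_options' ) ) {
        $mimes['svg'] = 'image/svg+xml';
    }
    return $mimes;
} );

// Sanitize the temporary file before WordPress moves it into the uploads directory.
add_filter( 'wp_handle_upload_prefilter', function ( $file ) {
    // Decide by file extension; the MIME type in $file['type'] is supplied by the client.
    $ext = strtolower( pathinfo( $file['name'], PATHINFO_EXTENSION ) );
    if ( 'svg' !== $ext ) {
        return $file;
    }

    $dirty = file_get_contents( $file['tmp_name'] );

    $sanitizer = new Sanitizer();
    // Drop references to resources hosted on other servers.
    $sanitizer->removeRemoteReferences( true );

    // sanitize() returns false when the markup cannot be parsed as XML.
    $clean = ( false === $dirty ) ? false : $sanitizer->sanitize( $dirty );

    if ( false === $clean || '' === $clean ) {
        // A non-empty string in 'error' makes WordPress abort the upload.
        $file['error'] = 'This SVG could not be sanitized and was not uploaded.';
        return $file;
    }

    // Overwrite the temporary file so only the sanitized markup is stored.
    file_put_contents( $file['tmp_name'], $clean );
    return $file;
} );
```

The sanitizer works from an allowlist of elements and attributes, so script elements and event-handler attributes are removed rather than escaped.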

At the moment, SVG is used by only 17.7% of all websites. However, its adoption is growing rapidly. Regardless of its downsides, the benefits of using SVG file types for simpler graphics, like icons and logos, are non-negligible.

Usage Statistics of SVG for Websites, 1.12.2017. – 7.12.2018.
