Lord of the Files: Upload-Related Security Enhancements

plugin banner

This plugin expands file-related security around the upload process.

Author:Blobfolio, LLC (profile at wordpress.org)
WordPress version required:5.2
WordPress version tested:6.5
Plugin version:1.3.18
Added to WordPress repository:27-03-2017
Last updated:03-04-2024
Rating, %:100
Rated by:10
Plugin URI:https://wordpress.org/plugins/blob-mimes/
Total downloads:73 805
Active installs:1 000+
plugin download
Click to start download

WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.

Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.

The main features include:

  • Robust real filetype detection;
  • Full MIME alias mapping;
  • SVG sanitization (if SVG uploads have been independently allowed);
  • File upload validation debugger;
  • Fixes issues related to #40175 that have been present since WordPress 4.7.1.
  • Fixes ambiguous media extensions #40921

Requirements

  • WordPress 5.2 or later.
  • PHP 7.3 or later.
  • dom PHP extension.
  • fileinfo PHP extension.
  • mbstring PHP extension.
  • xml PHP extension.

Please note: it is not safe to run WordPress atop a version of PHP that has reached its End of Life. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. ????

Privacy Policy

This plugin does not make use of or collect any “Personal Data”.


Screenshots
FAQ
ChangeLog