• Resolved n4bblucas

    (@n4bblucas)


    Hi,

    I am allowing users wp-admin access, with limited capabilities. Does this plugin also protect the standard media files upload in back-end?

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Blobfolio

    (@blobfolio)

    This plugin improves upload/file security for items uploaded through the media library (and any other area that uses WP’s default upload hooks).

    The main change is that the plugin checks file contents to help make sure it is what it claims to be. For example, if one of your users tries to upload a Zip file named “foo.jpg”, the plugin will see that it is a Zip and not a JPEG, rename it to “foo.zip”, and make sure that Zip file types are actually allowed to be uploaded. (WordPress by default mostly just trusts the file name.)

    This plugin also brings significant SVG sanitizing, but that only applies if you have whitelisted that file type. By default, WordPress does not allow SVG uploads.

    In general, I do not recommend letting untrusted users upload files to your site, especially if those files are incorporated into the theme in a public way. Just because a PDF is actually a PDF does not mean it isn’t malicious. At the very least you should take a look at the upload_mimes filter (if you haven’t already) to limit the types of files such users can upload.

    Thread Starter n4bblucas

    (@n4bblucas)

    Hi,

    Thanks for your reply. What’s the scalability of the plugin? How much degradation would it add if I had thousands or tens of thousands of people concurrently uploading images?

    Thanks!

    Plugin Author Blobfolio

    (@blobfolio)

    If you are allowing untrusted users to upload files, you need to ensure you are using this plugin or something like it. WordPress by and large does not validate files; it merely checks to see that the filename contains an extension the site has chosen to allow. A file name is completely arbitrary, so there is nothing to stop someone from renaming malicious.swf to happy.jpg.

    That said, if you are only focusing on images, and only focusing on “normal” image types like JPEG and GIF, name-based trickery will be largely mooted by the thumbnail generation processes; GD or ImageMagick will be unable to detect and process a (fake) image, resulting in failure. But if you allow other types of images, like SVG, WebP, JPEG2000, etc., this won’t apply.

    In terms of overhead, file validation is a very small fraction of the overall script execution, and an even smaller fraction of the resources required by the server to process the request. If you have already tweaked your server environment to handle 10,000+ simultaneous uploads, this plugin will just be a drop in the ocean.

    This plugin hooks into the wp_check_filetype_and_ext filter, which is triggered each time a new file is uploaded to WordPress (after the file is uploaded, before the file is permanently saved).

    For SVG files (if SVG files have been whitelisted; they aren’t by default), the entire file is read into memory, parsed, sanitized, and re-saved. This brings with it a lot of overhead relative to doing nothing, but since the SVG format is so inherently dangerous, it can’t really be avoided.

    For all other files, this plugin runs checks similar to those WordPress performs on its own, but applies them to more file types, and checks the results against a comprehensive database of MIME type aliases to help mitigate server-side inconsistencies and ensure that files that are allowed are allowed, and files that aren’t aren’t. In terms of overhead, this roughly doubles the amount of time WordPress spends validating a file, but again, validation is just a tiny fraction of the overall execution time.
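
The content-over-name check and the wp_check_filetype_and_ext hook described above, as an added example that is not this plugin's code: the filter sniffs the bytes with PHP's fileinfo extension, maps the real type to the site's allowed list, and either corrects the extension (foo.jpg becomes foo.zip) or rejects the file. The function name is hypothetical and the fileinfo extension is assumed to be loaded.

```php
<?php
// Added example (not this plugin's own code): a content-first upload check
// hooked into the same wp_check_filetype_and_ext filter described above.
// Assumes the PHP fileinfo extension is loaded; function name is hypothetical.

add_filter( 'wp_check_filetype_and_ext', 'example_check_upload_by_content', 10, 4 );

/**
 * @param array      $checked  WP's result: 'ext', 'type', 'proper_filename'.
 * @param string     $file     Path to the temporary uploaded file.
 * @param string     $filename File name supplied by the client (untrusted).
 * @param array|null $mimes    Allowed types ('jpg|jpeg|jpe' => 'image/jpeg'), or null.
 * @return array Same shape as $checked; ext/type false means "reject".
 */
function example_check_upload_by_content( $checked, $file, $filename, $mimes ) {
    $reject  = array( 'ext' => false, 'type' => false, 'proper_filename' => false );
    $allowed = $mimes ? $mimes : get_allowed_mime_types();

    // Sniff the real type from the bytes on disk; the name proves nothing.
    $finfo     = finfo_open( FILEINFO_MIME_TYPE );
    $real_mime = $finfo ? finfo_file( $finfo, $file ) : false;
    if ( $finfo ) {
        finfo_close( $finfo );
    }
    if ( ! $real_mime ) {
        return $reject; // Unknown content: do not fall back to trusting the name.
    }

    // Map the sniffed type to the first allowed extension registered for it.
    $real_ext = false;
    foreach ( $allowed as $ext_pattern => $type ) {
        if ( $type === $real_mime ) {
            $real_ext = explode( '|', $ext_pattern )[0];
            break;
        }
    }
    if ( false === $real_ext ) {
        return $reject; // e.g. a ZIP named foo.jpg on a site allowing only images.
    }
    // Name says one thing, bytes say another: rename to what it really is.
    $by_name = wp_check_filetype( $filename, $allowed );
    $proper  = false;
    if ( $by_name['type'] !== $real_mime ) {
        $name_ext = pathinfo( $filename, PATHINFO_EXTENSION );
        $base     = '' === $name_ext ? $filename : substr( $filename, 0, -strlen( $name_ext ) - 1 );
        $proper   = $base . '.' . $real_ext; // foo.jpg -> foo.zip
    }
    return array( 'ext' => $real_ext, 'type' => $real_mime, 'proper_filename' => $proper );
}
```

WordPress applies the rename itself when proper_filename is set, and still lets users holding the unfiltered_upload capability through when ext and type are false, so the rejection affects exactly the limited-capability users this thread is about.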

    Thread Starter n4bblucas

    (@n4bblucas)

    Ok, great. Thank you for your guidance and excellent plugin. Very much appreciated.

    Plugin Author Blobfolio

    (@blobfolio)

    No problem! Good luck with your project!

  • The topic ‘Back-end support’ is closed to new replies.