A Safe Way to Allow Upload of All File Types?

Posted by user34682 on Pro Webmasters See other posts from Pro Webmasters or by user34682
Published on 2013-06-28T14:07:55Z Indexed on 2013/06/28 22:29 UTC
Read the original article Hit count: 124

Filed under:

By default WordPress restricts the file types that can be uploaded to /uploads using the default Media Manager. I know it is possible to manually extend the allowed file types. I also know it is possible to change functions.php to allow ALL file types to be uploaded.

This restriction obviously exists for security concerns - e.g. someone could upload a harmful .exe

Would it not be possible to allow secure upload of all filetypes by setting the permissions of the /uploads directory to prevent execution of any of its contents? Thus it wouldn't matter if someone uploaded a harmful file because it would not be executable on the server...

© Pro Webmasters or respective owner

Related posts about security