Lord of the Files: Enhanced Upload Security

Lord of the Files: Enhanced Upload Security

WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.

Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.

The main features include:

  • Robust real filetype detection;
  • Full MIME alias mapping;
  • SVG sanitization (if SVG uploads have been whitelisted);
  • File upload debugger;
  • Fixes issues related to #40175 that have been present since WordPress 4.7.1.



misc Remove the plugin contributor monitoring feature.
improvement Apply MS workarounds for msg files.
fix Improve MP4 subtype detection.
misc Update MIME database.
fix Add missing link.
new This is a major new release! A lot of internal code has been refactored to take advantage of modern PHP language features.
new A new Tools > File Validation Reference page has been added explaining all of the various filters and settings available within the plugin.
new A new Settings > File Settings wizard has been added to make it easier to selectively disable individual plugin features.