Lord of the Files: Enhanced Upload Security
WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.
Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.
The main features include:
- Robust real filetype detection;
- Full MIME alias mapping;
- SVG sanitization (if SVG uploads have been whitelisted);
- File upload debugger;
- Fixes issues related to #40175 that have been present since WordPress 4.7.1.