Lord of the Files: Enhanced Upload Security

WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.

Lord of the Files adds content-based validation and sanitizing on top of this, making sure that files are what they say they are and safe for inclusion on your site.

The main features include:

  • Robust real filetype detection;
  • Full MIME alias mapping;
  • SVG sanitization (if SVG uploads have been whitelisted);
  • File upload debugger;
  • Fixes issues related to #40175 that have been present since WordPress 4.7.1.
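
The difference between name-based and content-based validation, with alias mapping, can be seen in a short sketch. This is an added example, not Lord of the Files' own code: the function name `check_upload`, the `ALLOWED` and `ALIASES` tables and the sample uploads are all constructed for illustration, and it assumes PHP's fileinfo extension is available.

```php
<?php
// Added illustration only; not the plugin's code. Tables are small constructed samples.

// Extension => canonical MIME type the site allows (the name-based claim).
const ALLOWED = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'xls' => 'application/vnd.ms-excel',
];

// Canonical type => other names a detector may report for the same format.
const ALIASES = [
    'image/jpeg'               => ['image/pjpeg'],
    'application/vnd.ms-excel' => ['application/CDFV2'],
];

/** Returns [bool $ok, string $reason] for an upload's name and content. */
function check_upload(string $filename, string $bytes): array
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return [false, "extension '$ext' is not allowed"];
    }
    if ($bytes === '') {
        return [false, 'empty file: nothing to verify'];
    }
    $claimed  = ALLOWED[$ext];
    // Content-based step: sniff the bytes instead of trusting the name.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected === false) {
        return [false, 'type could not be detected'];
    }
    $accepted = array_merge([$claimed], ALIASES[$claimed] ?? []);
    if (!in_array($detected, $accepted, true)) {
        return [false, "name claims $claimed, content is $detected"];
    }
    return [true, "content matches $claimed"];
}

// Constructed samples: a script named like an image, a real PNG header, an empty file.
$samples = [
    'avatar.png' => "<?php echo 'hi'; ?>",
    'logo.png'   => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\0\x01\0\0\0\x01\x08\x06\0\0\0",
    'notes.png'  => '',
];
foreach ($samples as $name => $bytes) {
    [$ok, $why] = check_upload($name, $bytes);
    printf("%-10s %s (%s)\n", $name, $ok ? 'ALLOW' : 'REJECT', $why);
}
```

A check based on the name alone would accept all three samples; only `logo.png` passes once the content is inspected.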

Changelog

0.7.2
misc Add links to entry on Plugins page.
0.7.1
new Improve display of contributor change notices and provide opt-out link.
misc Update MIME database.
0.7.0
new Display a warning on the Update and Plugins pages if a plugin’s contributors have changed since the last update.
misc Update MIME database.
0.6.7
improvement Aliases are now checked for all allowed types.
0.6.6
misc Update MIME database.
0.6.5
improvement File validation debug output.
0.6.4
improvement Better “detection” for empty files.
0.6.3
misc Update MIME database.
0.6.2
misc Update MIME database.
0.6.1
misc Update MIME database.
0.6.0
misc Rebase to relicensed blob-mimes source library.
0.5.6
misc Update MIME database.
0.5.5
improvement Lighter-weight SVG type detection.
fix Suppress some filesystem warnings.
0.5.4
change Remove build from plugin version to match WP’s new standard.
misc Update MIME database.
0.5.3-2
improvement Must-Use compatibility.
0.5.3-0
misc Update MIME database.
0.5.2
misc Spanish translation.
0.5.1
misc Update MIME database to improve XLSM detection.
improvement Cleaned file upload debugger.
0.5.0
new SVG sanitizing support.
change Updated MIME database.
change Disentangle this plugin from the proposed patch #39963; that enhancement is a WONTFIX.
0.1.3
new Upload debugging tool to help provide additional information about why a file is failing.
0.1.2
improvement Rebuild database to catch additional occurrences of application/CDFV2-xxx
new Integrate update support.