Lord of the Files: Enhanced Upload Security
WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.
Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.
The main features include:
- Robust real filetype detection;
- Full MIME alias mapping;
- SVG sanitization (if SVG uploads have been whitelisted);
- File upload debugger;
- Fixes issues related to #40175 that have been present since WordPress 4.7.1.
Tools > File Validation Referencepage has been added explaining all of the various filters and settings available within the plugin.
Settings > File Settingswizard has been added to make it easier to selectively disable individual plugin features.