unfiltered_upload

What is the unfiltered_upload permission in WordPress?

The unfiltered_upload permission is closely related to unfiltered_html. If this permission is given to a user, they can upload files that are NOT on the WordPress whitelist:

  • Images: jpg, jpeg, png, gif, ico
  • Documents: pdf, doc, docx, ppt, pptx, pps, ppsx, odt, xls, xlsx, psd
  • Audio: mp3, m4a, ogg, wav
  • Video: mp4, m4v, mov, wmv, avi, mpg, ogv, 3gp, 3g2

So if a user does not have this permission, they will be blocked from uploading any file type that is not on the list above.

For example, a user without the unfiltered_upload permission will see this message if they try to upload a .svg file: “Sorry, this file type is not permitted for security reasons.”

Who has the unfiltered_upload permission?

By default, this permission is not available to any role. The permission needs to be enabled by adding this line to your wp-config.php file:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

All roles on a single site install can be given this unfiltered_upload permission, but only Super Admins can be given the capability on a Multisite install.
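
Because the wp-config.php constant enables the capability for every role that holds it, a site that needs it for one or two people can narrow it further. The following is an added example, not code from PublishPress or WordPress core: a must-use plugin that lists the roles granted unfiltered_upload and denies the capability to everyone outside an allowlist. The function name, the constant EXAMPLE_UPLOAD_ALLOWLIST and the user ID in it are assumptions made for illustration.

```php
<?php
/**
 * Added example: hypothetical must-use plugin, not PublishPress or WordPress core code.
 * Lists roles granted unfiltered_upload and limits the capability to an allowlist.
 */

// Assumption: user IDs allowed to bypass the file type list (constructed sample value).
const EXAMPLE_UPLOAD_ALLOWLIST = array( 1 );

// Return the slugs of all roles that have unfiltered_upload granted.
function example_roles_with_unfiltered_upload() {
	$found = array();
	foreach ( wp_roles()->roles as $slug => $role ) {
		if ( ! empty( $role['capabilities']['unfiltered_upload'] ) ) {
			$found[] = $slug;
		}
	}
	return $found;
}

// Deny unfiltered_upload to every user outside the allowlist, even when
// ALLOW_UNFILTERED_UPLOADS is true and the user's role holds the capability.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id ) {
	if ( 'unfiltered_upload' === $cap
		&& ! in_array( (int) $user_id, EXAMPLE_UPLOAD_ALLOWLIST, true ) ) {
		return array( 'do_not_allow' );
	}
	return $caps;
}, 10, 3 );

// Show administrators a warning while the wp-config.php switch is on.
add_action( 'admin_notices', function () {
	$enabled = defined( 'ALLOW_UNFILTERED_UPLOADS' ) && ALLOW_UNFILTERED_UPLOADS;
	$roles   = example_roles_with_unfiltered_upload();
	if ( ! $enabled || ! $roles || ! current_user_can( 'manage_options' ) ) {
		return;
	}
	printf(
		'<div class="notice notice-warning"><p>%s</p></div>',
		esc_html( 'ALLOW_UNFILTERED_UPLOADS is on. Roles with unfiltered_upload: ' . implode( ', ', $roles ) )
	);
} );
```

Users inside the allowlist are not granted anything by this filter; WordPress still applies its own checks to them, including the Multisite restriction described above.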


How to control who has the unfiltered_html permission

You can control who has the activate_plugins permission by installing the PublishPress Capabilities plugin.

  • After installing PublishPress Capabilities, go to “Capabilities” in your admin menu.
  • Choose the role you want to edit in “Select Role to View / Edit”.
  • Enter “unfiltered_html” into the “Add Capability” box.
  • Click “Add to role”.
  • Check or uncheck the “unfiltered html” box in the “Other WordPress Core Capabilities” area.