Skip to content

How to Enable SVG Uploads in WordPress

By default WordPress does not allow SVG uploads for security reasons. There are situations where you may want to upload and use an SVG file such as for custom icons. This quick guide will show you how to enable SVG uploads in WordPress with code or a plugin.

Important Notice

SVG uploads are disabled by default because SVG code can contain malicious data. Only download SVG’s from trusted sources. We recommend Google Icons (best), Bootstrap Icons and FontAwesome.

Enabling SVG Uploads Using Code

If your site is already using a child theme or a code snippets plugin, why bother installing a separate plugin? You can easily enable SVG uploads with a little code:

// Allow SVG uploads.
add_filter( 'upload_mimes', function( $mimes ) {
	if ( current_user_can( 'administrator' ) ) {
		$mimes['svg']  = 'image/svg+xml';
		$mimes['svgz'] = 'image/svg+xml';
	}
	return $mimes;
} );

As mentioned earlier SVG uploads can pose a security risk. This is why we’ve added a check in the snippet above so only administrators can upload SVG files. If you wish to enable SVG uploads for other users, you can modify the code accordingly.

Make sure you trust the users you are giving SVG upload access to and that they are informed of the risk involved in using SVG files.

Enabling SVG Uploads with a Plugin

If you rather use a plugin to enable SVG uploads there are many out there you can use. We personally recommend Safe SVG. This plugin is used in a lot of sites and has good ratings. The benefit of using the plugin over a code snippet is that it has built-in methods of sanitizing your SVG files when they are uploaded through the WordPress media library.

If you don’t trust the users that are uploading the SVG files on the site or you are downloading SVG’s from potentially sketchy sites (or simply don’t trust them) using a plugin is the ideal method for enabling SVG uploads in WordPress.

Back To Top