Title: Lord of the Files: Enhanced Upload Security Author: Blobfolio Published: 27 março, 2017 Last modified: 17 setembro, 2025 --- Pesquisar plugins ![](https://ps.w.org/blob-mimes/assets/banner-772x250.png?rev=2889646) ![](https://ps.w.org/blob-mimes/assets/icon-256x256.png?rev=2889646) # Lord of the Files: Enhanced Upload Security Por [Blobfolio](https://profiles.wordpress.org/blobfolio/) [Baixar](https://downloads.wordpress.org/plugin/blob-mimes.1.4.2.zip) * [Detalhes](https://br.wordpress.org/plugins/blob-mimes/#description) * [Avaliações](https://br.wordpress.org/plugins/blob-mimes/#reviews) * [Instalação](https://br.wordpress.org/plugins/blob-mimes/#installation) * [Desenvolvimento](https://br.wordpress.org/plugins/blob-mimes/#developers) [Suporte](https://wordpress.org/support/plugin/blob-mimes/) ## Descrição WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks. Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site. The main features include: * Robust _real_ filetype detection; * Full MIME alias mapping; * SVG sanitization (if SVG uploads have been independently allowed); * File upload validation debugger; * Fixes issues related to [#40175](https://core.trac.wordpress.org/ticket/40175) that have been present since WordPress `4.7.1`. * Fixes ambiguous media extensions [#40921](https://core.trac.wordpress.org/ticket/40921) ### Requirements * WordPress 5.2 or later. * PHP 7.4 or later. * `dom` PHP extension. * `fileinfo` PHP extension. * `mbstring` PHP extension. * `xml` PHP extension. Please note: it is **not safe** to run WordPress atop a version of PHP that has reached its [End of Life](http://php.net/supported-versions.php). Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂 ### Privacy Policy This plugin does not make use of or collect any “Personal Data”. ## Capturas de tela * [[ * Example output from `Tools > Debug File Validation`. * [[ * The plugin includes a settings wizard under `Settings > File Settings`. ## Instalação Nothing fancy! You can use the built-in installer on the Plugins page or extract and upload the `blob-mimes` folder to your plugins directory via FTP. To install this plugin as [Must-Use](https://wordpress.org/support/article/must-use-plugins/), download, extract, and upload the `blob-mimes` folder to your `mu-plugins` directory and follow the third example listed under [Caveats](https://wordpress.org/support/article/must-use-plugins/#caveats); the main file for this plugin is `blob-mimes/index.php`. Please note: MU Plugins are removed from the usual update-checking process, so you will need to handle all future updates manually. ## Perguntas frequentes ### Does this require any theme or config changes? This plugin is intended to be an activate-and-forget sort of affair for most users. All features are enabled by default. But if you’re a developer or system administrator, you might take a peek at `Tools > File Validation Reference` for a list of public filters you can hook into to change things up, and `Settings > File Settings` for global configuration overrides. ### This has mostly helped but I am still having trouble with one file… While this plugin extends MIME alias handling more than 20-fold(!), we are still busy tracking down all the edge cases. Please go to `Tools > Debug File Validation` and post the output from that page into a new support ticket for this plugin. We’ll gladly see if we can cook up a fix or workaround! ### Does this plugin enable SVG support? No. This plugin does not modify your site’s allowed upload types (see e.g. [upload_mimes](https://codex.wordpress.org/Plugin_API/Filter_Reference/upload_mimes) for that). However if SVGs are otherwise enabled for your site, this plugin will _sanitize_ them at the upload stage to make sure they do not contain any dangerous exploits. There are a number of SVG-related filters that can be used to modify the sanitization behavior. Take a look at `Tools > File Validation Reference` for more information. If you find the filters too aggressive, add `const LOTF_NO_SANITIZE_SVGS = true;` to your `wp-config.php` to disable the extra sanitizing. ## Avaliações ![](https://secure.gravatar.com/avatar/9f0277d6eebdfcbc0d17d7d57a55be7b8d52e49f27806c51ee2f15abe88b593c? s=60&d=retro&r=g) ### 󠀁[Fixed Font Upload Issue](https://wordpress.org/support/topic/fixed-font-upload-issue/)󠁿 [applecrusher](https://profiles.wordpress.org/applecrusher/) 27 fevereiro, 2023 This fixed an issue we were having where a valid font type wasn’t uploading. Thank you. ![](https://secure.gravatar.com/avatar/9243ddb784e4b317874bc1fed3802a72af5647547a66e555d149ed793916df4f? s=60&d=retro&r=g) ### 󠀁[Allows .ai file uploads now](https://wordpress.org/support/topic/allows-ai-file-uploads-now/)󠁿 [euphemism](https://profiles.wordpress.org/euphemism/) 16 maio, 2022 After trying every kind of edit recommended in StackExchange to wp-config & functions. php, adding another plugin (WP Extra File Types), looking through log files, being on the phone for an hour with WP Engine, Gravity Forms pointed me to this, and instantly, the file upload for adobe illustrator files worked. I tried disabling WP Extra File Types, but apparently that is still required. ![](https://secure.gravatar.com/avatar/00f2669d196a2ac2efd7ee194235463b3bd74079b3df4a1c7d1782ef73ba18ee? s=60&d=retro&r=g) ### 󠀁[Fixed very fast](https://wordpress.org/support/topic/fixed-very-fast/)󠁿 [cangevendi](https://profiles.wordpress.org/cangevendi/) 29 janeiro, 2022 Update comes to fixed the issue very quickly after reporting ![](https://secure.gravatar.com/avatar/6b59744abde2d466a2bc0161dd4d3ab697d84a841bd2c090e658f5c5d4d48448? s=60&d=retro&r=g) ### 󠀁[Excellent for adding support to new image file formats](https://wordpress.org/support/topic/excellent-for-adding-support-to-new-image-file-formats-2/)󠁿 [Kakemphaton](https://profiles.wordpress.org/johanneseva/) 16 maio, 2021 4 respostas Excellent plugin. Even if the description doesn’t say it, this plugin allows AVIF file uploads in WordPress in two steps: – Add functions.php support for AVIF mime types (in child theme if possible): easy procedure with lots of tutorials available.– Install “Lord of the Files” Now you can upload AVIF in WordPress Media manager. To the authors: Thank you! The plugin description does not mention AVIF or other new image formats. It would be useful to a lot of users! ![](https://secure.gravatar.com/avatar/2a0d799b6d5f42aa01ac0a35b714b20c93975fbd252cf1828bdec5c151750417? s=60&d=retro&r=g) ### 󠀁[I was skeptical at first](https://wordpress.org/support/topic/i-was-skeptical-at-first/)󠁿 [courageous999](https://profiles.wordpress.org/courageous999/) 4 novembro, 2020 WordPress was falsely detecting a perfectly valid MP4 file with the “Sorry, this file type is not permitted for security reasons” whereas it had no problems letting me upload other MP4 files. I was told that this plugin has a decent chance at solving that problem and to my surprise it did!!! Nice work on the plugin guys. Job well done solving WordPress’ own faults. ![](https://secure.gravatar.com/avatar/0b2d2e9b73ae1255aa6cd8d3a04b20907307310521d55d039acdfcdf737a1653? s=60&d=retro&r=g) ### 󠀁[Incredibly useful debug tool](https://wordpress.org/support/topic/incredibly-useful-debug-tool/)󠁿 [CatchThePigeon](https://profiles.wordpress.org/catchthepigeon/) 21 janeiro, 2020 File Validation Debug tool very useful to work out any issues [ Leia todas as 10 avaliações ](https://wordpress.org/support/plugin/blob-mimes/reviews/) ## Colaboradores e desenvolvedores “Lord of the Files: Enhanced Upload Security” é um programa de código aberto. As seguintes pessoas contribuíram para este plugin. Colaboradores * [ Blobfolio ](https://profiles.wordpress.org/blobfolio/) [Traduzir o “Lord of the Files: Enhanced Upload Security” para seu idioma.](https://translate.wordpress.org/projects/wp-plugins/blob-mimes) ### Interessado no desenvolvimento? [Navegue pelo código](https://plugins.trac.wordpress.org/browser/blob-mimes/), consulte o [repositório SVN](https://plugins.svn.wordpress.org/blob-mimes/) ou assine o [registro de desenvolvimento](https://plugins.trac.wordpress.org/log/blob-mimes/) por [RSS](https://plugins.trac.wordpress.org/log/blob-mimes/?limit=100&mode=stop_on_copy&format=rss). ## Registro de alterações #### 1.4.2 * [Misc] Update MIME database. #### 1.4.1 * [Misc] Update MIME database. #### 1.4.0 * [Misc] Update MIME database. #### 1.3.21 * [Misc] Update MIME database. #### 1.3.20 * [Misc] Update MIME database. ## Meta * Versão **1.4.2** * Última atualização **9 meses atrás** * Instalações ativas **1.000+** * Versão do WordPress ** 5.2 ou superior ** * Testado até **6.8.5** * Versão do PHP ** 7.4 ou superior ** * Idioma * [English (US)](https://wordpress.org/plugins/blob-mimes/) * Tags * [mime](https://br.wordpress.org/plugins/tags/mime/)[security plugin](https://br.wordpress.org/plugins/tags/security-plugin/) [SVG](https://br.wordpress.org/plugins/tags/svg/) * [Visualização avançada](https://br.wordpress.org/plugins/blob-mimes/advanced/) ## Classificações 5 de 5 estrelas. * [ 11 avaliações com 5 estrelas ](https://wordpress.org/support/plugin/blob-mimes/reviews/?filter=5) * [ 0 avaliação com 4 estrela ](https://wordpress.org/support/plugin/blob-mimes/reviews/?filter=4) * [ 0 avaliação com 3 estrela ](https://wordpress.org/support/plugin/blob-mimes/reviews/?filter=3) * [ 0 avaliação com 2 estrela ](https://wordpress.org/support/plugin/blob-mimes/reviews/?filter=2) * [ 0 avaliação com 1 estrela ](https://wordpress.org/support/plugin/blob-mimes/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/blob-mimes/reviews/#new-post) [Ver todas avaliações](https://wordpress.org/support/plugin/blob-mimes/reviews/) ## Colaboradores * [ Blobfolio ](https://profiles.wordpress.org/blobfolio/) ## Suporte Tem algo a dizer? Precisa de ajuda? [Ver fórum de suporte](https://wordpress.org/support/plugin/blob-mimes/) ## Doar Gostaria de contribuir para o desenvolvimento deste plugin? [ Doe para este plugin ](https://blobfolio.com/donate.html)