Add SVG image support

Vector images are "in." WordPress supports them out of the box, but you are not allowed to upload them using the Media Library because of security reasons. This can be changed easily.

You've probably heard that WordPress supports SVG vector files now, but somehow haven't been able to upload them? That's because the Media Library doesn't allow uploading the by default. SVGs can contain malicious code which can lead to code conflicts, cross-site scripting attacks, code injection, and errors. If you are confident in the source of your SVG files and want to add them to your website, proceed with this tutorial.

The method

Add this code to your child theme's functions.php file:

function add_mimes($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    return $mimes;

add_filter('upload_mimes', 'add_mimes');

SVG security details

SVG support is not included in WordPress by default yet, because there are a few security issues. SVG file itself has an XML structure. This means it's possible to include several exploits inside of the image to perform several types of attacks.

You could even include JavaScript inside SVG files to perform complex tasks like logging users keystrokes and sending them to a 3rd party. Sounds scary, right?

You should only download SVG files from a reputable source. You should also run them through an SVG Sanitizer. This will clean them of any unwanted code.

I wouldn't advise enabling SVG support on multi-author WordPress sites. You will have no control over what kind of images your users are uploading.

Alternatively, use a plugin

You can also use a simple plugin, SVG Support, to allow SVG uploads.

I even found a plugin that performs SVG sanitization for you: Safe SVG.

About the author

Living on the road for over ten years felt a bit unreal. Traveled to more than a hundred countries and met my wife along the way. In the end decided to settle down in a smaller city in Spain.

Please don't leave comments that are in any way hostile to me or my readers. They won't be approved. Constructive criticism is welcome, but I simply don't have the time to answer all of the trolls. This comment section is only welcome to friendly, positive-minded people who wish to add something meaningful to the conversation. If you don't like the language that I'm using or stories that I'm telling, you are free to choose one of the million other blogs where you can read the usual politically-correct fairy tales. You won't convert me. Hats off to those who get it!

Leave a Comment