How to Enable SVG Uploads in WordPress & Elementor (Complete Secure Guide)

jiuyi
Administrator
240
Posts
0
Fans
Support & TroubleshootingComments14Characters 968Views3min13sRead
Using SVG images in WordPress offers many advantages: full scalability, smaller file sizes, crisp high-resolution display, and native animation support. However, WordPress blocks SVG uploads by default for security reasons. Even if you enable SVG uploads in the WordPress Media Library via custom code, you may still run into upload restrictions when using the Elementor page builder.

Why Does WordPress Block SVGs by Default?

SVG files are XML-based and can contain embedded JavaScript code. Without proper security safeguards, malicious SVG files can lead to Cross-Site Scripting (XSS) attacks. This is the primary reason WordPress prohibits SVG uploads out of the box.

Solution

Below is a complete, security-conscious solution to enable SVG file uploads for both WordPress core and the Elementor page builder.

Step 1: Add Code to functions.php

Add the following code to your active theme’s functions.php file.
For long-term stability, use a code management plugin to avoid losing customizations when your theme is updated. We recommend Code Snippets.
/**
 * Allow SVG and SVGZ uploads in WordPress and Elementor
 */
function allow_svg_upload( $mimes ) {
    $mimes['svg']  = 'image/svg+xml';
    $mimes['svgz'] = 'image/svg+xml';
    return $mimes;
}
add_filter( 'upload_mimes', 'allow_svg_upload' );

/**
 * Fix SVG thumbnail display in the WordPress Media Library
 */
function fix_svg_thumbnail_display( $response ) {
    if ( $response['mime'] === 'image/svg+xml' ) {
        $response['sizes'] = array(
            'thumbnail' => array(
                'url'    => $response['url'],
                'width'  => $response['width'],
                'height' => $response['height']
            ),
            'medium' => array(
                'url'    => $response['url'],
                'width'  => $response['width'],
                'height' => $response['height']
            ),
            'large' => array(
                'url'    => $response['url'],
                'width'  => $response['width'],
                'height' => $response['height']
            ),
            'full' => array(
                'url'    => $response['url'],
                'width'  => $response['width'],
                'height' => $response['height']
            )
        );
    }
    return $response;
}
add_filter( 'wp_prepare_attachment_for_js', 'fix_svg_thumbnail_display' );

/**
 * Add basic security checks for uploaded SVG files
 */
function check_svg_security( $file ) {
    if ( $file['type'] === 'image/svg+xml' ) {
        // Read the contents of the uploaded SVG
        $content = file_get_contents( $file['tmp_name'] );
        
        // Flag potentially malicious code patterns
        $suspicious_patterns = array(
            'script',
            'onclick',
            'onload',
            'onunload',
            'onerror',
            'javascript:',
            'xlink:href',
            'data:',
            'fetch',
            'eval',
            'alert'
        );
        
        foreach ( $suspicious_patterns as $pattern ) {
            if ( stripos( $content, $pattern ) !== false ) {
                $file['error'] = 'For security reasons, this SVG file contains disallowed content.';
                break;
            }
        }
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'check_svg_security' );

/**
 * Enable dedicated SVG upload support for Elementor
 */
function elementor_allow_svg_upload($mimes) {
    return array_merge($mimes, [
        'svg'  => 'image/svg+xml',
        'svgz' => 'image/svg+xml'
    ]);
}
add_filter('elementor/files/allow_unfiltered_upload', '__return_true');
add_filter('elementor/files/svgs/allow_upload', '__return_true');
add_filter('elementor/files/svg_mime_types', 'elementor_allow_svg_upload');

/**
 * Improve SVG file type detection and handling
 */
function ensure_svg_file_safety($data, $file, $filename, $mimes) {
    // Fallback: correct MIME type when file extension is SVG but type is unrecognized
    if ( ! empty($data['ext']) && $data['ext'] === 'svg' ) {
        $data['type'] = 'image/svg+xml';
        $data['proper_filename'] = $filename;
    }
    
    return $data;
}
add_filter( 'wp_check_filetype_and_ext', 'ensure_svg_file_safety', 10, 4 );

Step 2: What the Code Does

This code delivers the following functionality:
  • Enables SVG and SVGZ uploads: Adds standard and compressed SVG formats to WordPress’ allowed MIME type list.
  • Fixes Media Library thumbnails: Adjusts vector graphic handling so SVG previews render correctly in the Media Library.
  • Adds security scanning: Detects common malicious code patterns in SVG files to reduce XSS risk.
  • Adds Elementor compatibility: Includes dedicated Elementor hooks to bypass its separate upload filter, supporting drag-and-drop SVG uploads directly in the Elementor editor.
  • Improves file recognition: Fixes edge cases where WordPress fails to correctly identify SVG file types.

Step 3: After Adding the Code

Once you’ve added the code, follow these steps to ensure everything works as expected:
  1. Save your functions.php file (or save the snippet in Code Snippets).
  2. Clear your browser cache and any WordPress site cache (if you use a caching plugin).
  3. Log back in to the WordPress admin area.
  4. Test SVG uploads in both the Media Library and the Elementor editor.

Alternative: Use a Plugin

If you prefer not to edit theme files, you can use one of these trusted plugins to enable SVG uploads:
  • Safe SVG – The most widely used SVG upload plugin, with thorough security sanitization and scanning.
  • SVG Support – A simple, lightweight plugin for basic SVG upload and inline rendering support.
  • WP SVG – Another minimal, lightweight option for enabling SVG support.

Security Best Practices

Even with custom code or a plugin in place, we strongly recommend you:
  • Only use SVG files from trusted, reputable sources.
  • Review SVG file contents before uploading, especially if they come from third parties.
  • Clean and optimize SVG code with a tool like SVGO to remove bloat and unused code.
  • Restrict SVG upload permissions to trusted admin users only.

Frequently Asked Questions

Q: Why can I upload SVGs to the Media Library but not in Elementor?

A: Elementor uses its own file upload filtering system separate from WordPress core. The code above adds Elementor-specific hooks to override these restrictions, including support for drag-and-drop uploads in the editor.

Q: What should I do if SVG uploads still fail?

A: Try uploading the SVG to the WordPress Media Library first, then select the already-uploaded file from the Media Library inside Elementor.

Q: Will this code slow down my website?

A: No. This code only runs during file upload events and has no impact on your site’s front-end performance or day-to-day loading speed.

By following the steps above, you’ll be able to use SVG files seamlessly across both WordPress and Elementor. As a lightweight vector format, SVGs can significantly improve your site’s visual quality and loading performance. Always prioritize security — only upload SVG files from sources you trust.
We hope this tutorial is helpful. If you have any questions or need further assistance, feel free to leave a comment below.

 
jiuyi
  • by Published onJune 23, 2026
  • Please be sure to keep the original link when reposting.:https://www.wptroubleshoot.com/enable-svg-uploads-wordpress-elementor/

Loading...

Comment