Tag: Uploads

Increase upload_max_filesize (Uploaded file exceeds the upload_max_filesize directive)

Posted on By Admin No Comments on Increase upload_max_filesize (Uploaded file exceeds the upload_max_filesize directive)

Increase upload_max_filesize (Uploaded file exceeds the upload_max_filesize directive)

If you encounter the error “Uploaded file exceeds the upload_max_filesize directive” in WordPress, it means your server’s PHP configuration limits the maximum file size you can upload. This often blocks you from uploading large media files or plugins. The quick fix is to increase the upload_max_filesize value in your PHP settings.

Quick Fix

  1. Edit your php.ini file (or create one if it doesn’t exist) and add or update this line: 
    upload_max_filesize = 64M
  2. Also increase post_max_size to the same or larger value: 
    post_max_size = 64M
  3. Restart your web server (Apache, Nginx, LiteSpeed) to apply changes.
  4. Verify the new limits in WordPress by going to Media > Add New or using a PHP info plugin.

Why this happens

PHP has built-in limits on file upload sizes to prevent server overload and abuse. The upload_max_filesize directive controls the maximum size of an uploaded file, while post_max_size controls the maximum size of POST data allowed. If your file exceeds these limits, PHP rejects the upload and WordPress shows the error.

By default, many hosting providers set these values low (e.g., 2MB or 8MB) to conserve resources. To upload larger files, you must increase these limits manually.

Step-by-step

1. For Apache or LiteSpeed servers

  1. Locate your php.ini file. Common locations:
    • /etc/php/7.x/apache2/php.ini
    • /usr/local/lib/php.ini
    • Use phpinfo() to find the loaded config file.
  2. Edit the php.ini file and update or add: 
    upload_max_filesize = 64M
post_max_size = 64M
memory_limit = 128M
max_execution_time = 300
max_input_time = 300
  3. Save the file and restart Apache or LiteSpeed: 
    sudo systemctl restart apache2
# or for LiteSpeed
sudo systemctl restart lsws
  4. Check changes with a PHP info file or WordPress media uploader.

2. For Nginx servers

  1. Edit your PHP-FPM php.ini file (location similar to Apache).
  2. Update the same directives as above: 
    upload_max_filesize = 64M
post_max_size = 64M
memory_limit = 128M
max_execution_time = 300
max_input_time = 300
  3. Edit your Nginx site configuration file (e.g., /etc/nginx/sites-available/example.com) and add or update: 
    client_max_body_size 64M;
  4. Restart PHP-FPM and Nginx: 
    sudo systemctl restart php7.x-fpm
sudo systemctl restart nginx
  5. Verify upload limits in WordPress.

3. Using cPanel

  1. Log in to your cPanel dashboard.
  2. Go to MultiPHP INI Editor under the Software section.
  3. Select your domain from the dropdown.
  4. Set upload_max_filesize and post_max_size to your desired values (e.g., 64M).
  5. Save the changes.
  6. Check your WordPress upload limits.

4. Using Plesk

  1. Log in to Plesk.
  2. Go to Domains > example.com > PHP Settings.
  3. Find upload_max_filesize and post_max_size and increase their values.
  4. Save the settings.
  5. Test upload limits in WordPress.

Works on

Server Control Panel Notes
Apache cPanel, Plesk, Manual Requires php.ini edit and server restart
Nginx cPanel, Plesk, Manual Requires php.ini and nginx.conf edits + restarts
LiteSpeed cPanel, Manual Similar to Apache, restart LiteSpeed after changes

FAQ

  1. Q: I increased upload_max_filesize but still get the error. Why?

    A: You must also increase post_max_size and ensure your web server (Nginx or Apache) allows larger uploads (e.g., client_max_body_size in Nginx). Restart your server after changes.

  2. Q: Can I increase upload limits via .htaccess?

    A: Only on Apache servers with PHP running as an Apache module. Add these lines to your .htaccess:

    php_value upload_max_filesize 64M
php_value post_max_size 64M
  3. Q: How do I check current upload limits?

    A: Use a PHP info plugin in WordPress or create a phpinfo.php file with:

    <?php phpinfo(); ?>

    Then open it in your browser and look for upload_max_filesize

Fixes & Errors

Fix “Sorry, this file type is not permitted for security reasons”

Posted on By Admin No Comments on Fix “Sorry, this file type is not permitted for security reasons”

Fix “Sorry, this file type is not permitted for security reasons”

If you’ve ever tried uploading a file to WordPress and encountered the error message “Sorry, this file type is not permitted for security reasons”, you know how frustrating it can be. This error prevents you from uploading certain file types that WordPress does not allow by default. The quick fix is to enable support for those file types safely by adding a small snippet of code to your theme or a custom plugin.

Quick Fix

  1. Access your WordPress site files via FTP or your hosting file manager.
  2. Open your active theme’s functions.php file or create a site-specific plugin.
  3. Copy and paste the following code to allow additional file types (example allows SVG and JSON):
function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save the file and try uploading your file again.

Why This Happens

WordPress restricts file uploads to a predefined list of MIME types for security reasons. This prevents potentially harmful files from being uploaded and executed on your server. When you try to upload a file type not on this list, WordPress blocks it and shows the error message.

Commonly blocked file types include SVG, JSON, and some custom file formats. While these files can be safe, WordPress errs on the side of caution. To allow these files, you need to explicitly add their MIME types to the allowed list.

Step-by-step: Fixing on Different Environments

1. Using functions.php (Works on all setups)

  1. Log in to your hosting control panel or use an FTP client.
  2. Navigate to /wp-content/themes/your-active-theme/.
  3. Open functions.php in a text editor.
  4. Add the following code at the end of the file:
function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save and upload the file back to the server.
  2. Test uploading your file again.

2. Using a Site-Specific Plugin (Recommended for theme-independent fix)

  1. Create a new file named custom-mime-types.php on your local machine.
  2. Paste the following code inside:
<?php
/*
Plugin Name: Custom MIME Types
Description: Allow additional file types for upload.
Version: 1.0
Author: Your Name
*/

function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save and upload this file to /wp-content/plugins/ via FTP or file manager.
  2. Go to WordPress admin > Plugins and activate Custom MIME Types.
  3. Try uploading your file again.

3. Nginx Configuration (Optional)

If you are using Nginx and still face issues after allowing MIME types in WordPress, you may need to add MIME types in your Nginx config:

http {
    ...
    types {
        image/svg+xml svg;
        application/json json;
        # other MIME types
    }
    ...
}

After editing, reload Nginx:

sudo nginx -s reload

4. Apache Configuration (Optional)

For Apache servers, ensure the MIME types are recognized by adding them to your .htaccess or Apache config:

AddType image/svg+xml svg
AddType application/json json

Restart Apache if you edited the main config:

sudo systemctl restart apache2

5. cPanel / Plesk Users

Both cPanel and Plesk allow you to edit MIME types via their control panels:

  • cPanel: Go to Advanced > MIME Types and add the new types.
  • Plesk: Navigate to Tools & Settings > MIME Types and add the required types.

After adding, retry your upload.

Works on

  • WordPress on Apache, Nginx, LiteSpeed servers
  • Hosting control panels: cPanel, Plesk, DirectAdmin
  • Any WordPress theme or custom plugin setup
  • Local development environments like LocalWP, XAMPP, MAMP

FAQ

Q: Is it safe to allow SVG uploads in WordPress?
A: SVG files can contain malicious code if not sanitized. Use a plugin like “Safe SVG” or sanitize SVG files before uploading.
Q: Can I allow all file types by disabling this check?
A: It’s not recommended as it poses a security risk. Always whitelist only the file types you need.
Q: Why do I still get the error after adding MIME types?
Check your server’s MIME type configuration (Nginx/Apache) and ensure caching or security plugins are not blocking uploads.
Q: Can I add MIME types via a plugin instead of code?
Yes. Plugins like “WP Add Mime Types” allow you to add MIME types via the admin interface without coding.
Q: Does this fix work for multisite WordPress installations?
Yes, but you may need to add the code in the main site’s functions.php or a network-activated plugin.
Fixes & Errors

Allow SVG uploads safely (sanitize + preview)

Posted on By Admin No Comments on Allow SVG uploads safely (sanitize + preview)

Allow SVG Uploads Safely (Sanitize + Preview) in WordPress

By default, WordPress does not allow SVG file uploads due to security risks. However, SVGs are widely used for scalable, high-quality graphics. The challenge is to enable SVG uploads safely by sanitizing the files and allowing previews in the media library. This tutorial shows you how to allow SVG upload in WordPress securely with code snippets for sanitization and preview support.

Quick Fix: Enable Safe SVG Uploads in WordPress

  1. Add code to allow SVG MIME type in uploads.
  2. Sanitize uploaded SVG files to remove malicious code.
  3. Enable SVG previews in the WordPress media library.
  4. Test uploading and previewing SVG files.

Why This Happens

WordPress blocks SVG uploads by default because SVG files are XML-based and can contain malicious scripts or harmful code. Without sanitization, uploading SVGs can open security vulnerabilities such as cross-site scripting (XSS). Simply enabling SVG uploads without cleaning the files is risky.

To safely allow SVG uploads, you must:

  • Whitelist the SVG MIME type.
  • Sanitize the SVG content to strip out any harmful code.
  • Enable WordPress to generate previews for SVG files.

Step-by-Step: Allow and Sanitize SVG Uploads in WordPress

1. Allow SVG MIME Type

Add this code to your theme’s functions.php file or a custom plugin to permit SVG uploads:

function allow_svg_upload_mime_type( $mimes ) {
    $mimes['svg'] = 'image/svg+xml';
    return $mimes;
}
add_filter( 'upload_mimes', 'allow_svg_upload_mime_type' );

2. Sanitize Uploaded SVG Files

Use the SVG Sanitizer PHP library to clean SVG files on upload. First, install it via Composer or manually include it in your plugin.

Example code to sanitize SVG uploads:

use enshrinedsvgSanitizeSanitizer;

function sanitize_svg_on_upload( $file ) {
    if ( $file['type'] === 'image/svg+xml' ) {
        $sanitizer = new Sanitizer();

        $dirtySVG = file_get_contents( $file['tmp_name'] );
        $cleanSVG = $sanitizer-sanitize( $dirtySVG );

        if ( $cleanSVG === false ) {
            $file['error'] = 'Invalid SVG file.';
            return $file;
        }

        file_put_contents( $file['tmp_name'], $cleanSVG );
    }
    return $file;
}
add_filter( 'wp_handle_upload_prefilter', 'sanitize_svg_on_upload' );

3. Enable SVG Previews in Media Library

WordPress does not generate thumbnails for SVGs by default. Add this code to display SVG previews:

function svg_media_preview( $response, $attachment, $meta ) {
    if ( $response['mime'] === 'image/svg+xml' ) {
        $response['icon'] = $response['url'];
        $response['thumb'] = $response['url'];
        $response['sizes'] = [
            'thumbnail' =[
                'url' =$response['url'],
                'width' =80,
                'height' =80,
                'mime-type' ='image/svg+xml',
            ],
            'medium' =[
                'url' =$response['url'],
                'width' =160,
                'height' =160,
                'mime-type' ='image/svg+xml',
            ],
        ];
    }
    return $response;
}
add_filter( 'wp_prepare_attachment_for_js', 'svg_media_preview', 10, 3 );

4. Test Your Setup

  1. Go to Media > Add New in your WordPress admin.
  2. Upload a sanitized SVG file.
  3. Verify the upload succeeds without errors.
  4. Check the media library to see the SVG preview thumbnail.

Common Pitfalls

  • Not sanitizing SVGs: Uploading raw SVGs can expose your site to XSS attacks.
  • Missing MIME type: Forgetting to add SVG MIME type causes upload errors.
  • Composer dependency: The SVG Sanitizer library requires Composer or manual inclusion.
  • Preview issues: Some themes/plugins may override media previews, causing SVG thumbnails not to show.
  • Caching: Browser or plugin caching might prevent updated SVG previews from appearing immediately.

Works on

This solution works on WordPress sites running on Apache, Nginx, or LiteSpeed web servers. It is compatible with hosting control panels like cPanel and Plesk. The PHP SVG Sanitizer library requires PHP 7.0 or higher.

FAQ

Q: Is it safe to allow SVG uploads in WordPress?
A: Yes, if you sanitize SVG files on upload to remove malicious code. Never allow raw SVG uploads without sanitization.
Q: Can I use a plugin instead of code?
A: Yes, plugins like “Safe SVG” handle sanitization and previews, but using code gives you more control and reduces plugin overhead.
Q: Why don’t SVG thumbnails show in the media library?
A: WordPress does not generate raster thumbnails for SVGs by default. The code snippet above forces SVG previews by using the SVG itself as a thumbnail.
Q: What if my SVG files are still blocked after adding the MIME type?
A: WordPress also checks file extensions and content. Make sure your SVG files have the correct extension and pass sanitization.
Q: Can I customize the SVG sanitization?
A: Yes, the SVG Sanitizer library allows configuring allowed tags and attributes. Refer to its documentation for advanced customization.
Admin & Blocks

413 Request Entity Too Large on media upload (Nginx/Apache)

Posted on By Admin No Comments on 413 Request Entity Too Large on media upload (Nginx/Apache)

413 Request Entity Too Large on Media Upload (Nginx/Apache)

If you encounter the 413 Request Entity Too Large error when uploading media files to WordPress, it means your server is rejecting files that exceed its configured size limits. This is a common issue that can be quickly fixed by adjusting server settings.

Quick Fix

  1. For Nginx, increase the client_max_body_size directive.
  2. For Apache, increase the LimitRequestBody directive.
  3. Restart or reload your web server to apply changes.

Why This Happens

Web servers limit the size of HTTP request bodies to protect against resource exhaustion and abuse. When uploading large files, if the file size exceeds these limits, the server responds with a 413 error, blocking the upload. WordPress itself also has upload size limits, but this error originates from the web server before WordPress processes the file.

Step-by-step Fix per Server

1. Fix for Nginx

The client_max_body_size directive controls the maximum allowed size of the client request body, which includes file uploads.

  1. Open your Nginx configuration file. This is usually located at:
    • /etc/nginx/nginx.conf
    • or inside your site-specific config in /etc/nginx/sites-available/
  2. Find the http, server, or location block where you want to set the limit.
  3. Add or update the directive, for example to allow 64MB uploads:
client_max_body_size 64M;
  1. Save the file and test the configuration:
sudo nginx -t
  1. If the test is successful, reload Nginx:
sudo systemctl reload nginx

2. Fix for Apache

Apache uses the LimitRequestBody directive to limit the size of the HTTP request body.

  1. Open your Apache configuration file or your site’s .htaccess file. Common locations:
    • /etc/apache2/apache2.conf or /etc/httpd/conf/httpd.conf
    • Or inside your site root’s .htaccess
  2. Add or update the directive inside the appropriate context (e.g., <Directory> or globally):
LimitRequestBody 67108864

This example sets the limit to 64MB (64 * 1024 * 1024 bytes).

  1. Save the file.
  2. Restart Apache to apply changes:
sudo systemctl restart apache2
# or on CentOS/RHEL
sudo systemctl restart httpd

3. Verify WordPress PHP Upload Limits

Even after adjusting server limits, PHP settings can restrict upload size. Check and update these values in your php.ini or via your hosting control panel:

upload_max_filesize = 64M
post_max_size = 64M
memory_limit = 128M

Restart PHP-FPM or your web server if needed.

Works on

Server Control Panel Applicable Directives
Nginx cPanel, CloudPanel, Plesk, Custom client_max_body_size
Apache cPanel, CloudPanel, Plesk, Custom LimitRequestBody, php.ini upload limits

FAQ

Q: How do I know if the 413 error is caused by Nginx or Apache?
A: Check your server stack. If you use Nginx as a reverse proxy in front of Apache, both may have limits. Start by increasing Nginx’s client_max_body_size. If only Apache is used, adjust LimitRequestBody.
Q: Can I set these limits in WordPress instead?
A: WordPress settings like upload_max_filesize and post_max_size in PHP control upload limits, but the 413 error is a server-level rejection. You must increase server limits first.
Q: What if I don’t have access to the server config files?
A: Contact your hosting provider to increase upload size limits or use their control panel if available. Some hosts allow changing PHP and server limits via cPanel or Plesk interfaces.
Q: Will increasing these limits affect server security?
A: Larger limits allow bigger uploads but can increase resource usage and risk of abuse. Set limits according to your site’s needs and monitor server performance.
Q: After changing the limits, the error persists. What else can I check?
Clear your browser cache, restart your web server and PHP services, and verify PHP upload limits. Also, check for any reverse proxies or firewalls that might impose their own limits.
Fixes & Errors
Also by the maker of MySurveyReviews.com