roots/allow-svg
===============

WordPress plugin to enable SVG uploads

v1.0.1 (10mo ago) · MIT · PHP ^8.2 · CI passing

Since Jul 27 · Pushed 2mo ago · 3 watchers

[Source](https://github.com/roots/allow-svg) · [Packagist](https://packagist.org/packages/roots/allow-svg) · [GitHub Sponsors](https://github.com/roots)

Allow SVG
=========

A WordPress plugin that enables SVG uploads with validation to block malicious files.

> WordPress still lacks native SVG support after [12+ years of discussion](https://core.trac.wordpress.org/ticket/24251)

Support us
----------

Roots is an independent open source org, supported only by developers like you. Your sponsorship funds [WP Packages](https://wp-packages.org/) and the entire Roots ecosystem, and keeps them independent. Support us by purchasing [Radicle](https://roots.io/radicle/) or [sponsoring us on GitHub](https://github.com/sponsors/roots) — sponsors get access to our private Discord.

Features
--------

- ✅ **SVG Upload Support** — Enables `.svg` uploads in the WordPress media library
- 🔒 **Security-First Validation** — Detects and rejects SVG files containing potentially harmful content
- 🖼️ **Media Library Integration** — SVGs display inline like standard images
- 🧩 **Zero Dependencies** — No external libraries or frameworks
- ⚙️ **Zero Configuration** — No settings or admin bloat

Requirements
------------

- PHP 8.2 or higher
- WordPress 5.9 or higher

Installation
------------

### via Composer

```
composer require roots/allow-svg
```

**Install as a mu-plugin**

If you are using [Bedrock](https://roots.io/bedrock/), you can install this as a must-use plugin by modifying your `composer.json` to install the package to the `mu-plugins` directory.

```
{
    "extra": {
        "installer-paths": {
            "web/app/mu-plugins/{$name}/": [
                "type:wordpress-muplugin",
                "roots/allow-svg"
            ]
        }
    }
}
```

### Manual

1. Download `allow-svg.php`
2. Place in `wp-content/plugins/allow-svg/`
3. Activate via wp-admin or WP-CLI

Usage
-----

Once activated, the plugin automatically:

1. Enables SVG uploads through the Media Library or block editor
2. Performs strict validation on all SVG files
3. Rejects malicious files with clear error messages
4. Accepts clean, standards-compliant SVGs as-is

No configuration required.

Security
--------

This plugin uses a **deny-first approach**: it doesn't attempt to sanitize SVGs; it rejects files that appear unsafe.

### Accepts:

- Basic SVG shapes, paths, text, and inline styles
- ViewBox and standard attributes

### Rejects:

- `<script>` tags or inline JavaScript
- Event handlers like `onclick`, `onload`, etc.
- External references (`href`, `xlink:href`, `iframe`, `object`, `embed`)
- CSS expressions and `@import` rules
- Data URLs containing script or HTML content

### XML Hardening:

- **XXE Protection** — Blocks `<!DOCTYPE>` and external entity declarations
- **Entity Expansion Limits** — Rejects suspicious `&entity;` usage
- Uses `DOMDocument` with external entities disabled
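The deny-first checks listed above can be sketched as follows; this is an added example, not the plugin's own source. The function name `svg_rejection_reason()`, the exact patterns, and the rule that only same-document `#fragment` hrefs pass are assumptions.

```php
<?php
// Added illustration, not the plugin's source; names and exact rules are assumptions.
function svg_rejection_reason(string $svg): ?string
{
    // Refuse DTDs before parsing (entity declarations live there) and any
    // entity reference other than the five predefined or numeric ones.
    if (preg_match('/<!(DOCTYPE|ENTITY)|&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-f]+);)/i', $svg)) {
        return 'DOCTYPE, entity declaration or unexpected entity reference';
    }
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    // LIBXML_NONET forbids network access; LIBXML_NOENT and LIBXML_DTDLOAD stay off.
    $parsed = $svg !== '' && $doc->loadXML($svg, LIBXML_NONET);
    libxml_clear_errors();
    if (!$parsed || strtolower((string) $doc->documentElement?->localName) !== 'svg') {
        return 'not a well-formed SVG document';
    }
    foreach ($doc->getElementsByTagName('*') as $element) {
        $tag = strtolower($element->localName);
        if (in_array($tag, ['script', 'iframe', 'object', 'embed'], true)) {
            return "blocked element <$tag>";
        }
        if ($tag === 'style' && preg_match('/expression\s*\(|@import/i', $element->textContent)) {
            return 'CSS expression or @import in <style>';
        }
        foreach ($element->attributes as $attribute) {
            $name = strtolower($attribute->nodeName);
            $value = strtolower(preg_replace('/\s+/', '', $attribute->value));
            if (str_starts_with($name, 'on')) {
                return "event handler attribute $name";
            }
            // Assumption: same-document fragments (#id) are the only allowed href.
            if (preg_match('/(^|:)href$/', $name) && !str_starts_with($value, '#')) {
                return "external reference in $name";
            }
            if (preg_match('/expression\(|@import|javascript:|data:text\/html/', $value)) {
                return "dangerous value in $name";
            }
        }
    }
    return null; // nothing matched: accept the file as-is, no sanitizing
}

// Constructed samples: a clean file, an event handler, an entity declaration.
foreach ([
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><rect width="10" height="10"/></svg>',
    '<svg xmlns="http://www.w3.org/2000/svg" onload="x()"><rect/></svg>',
    '<!DOCTYPE svg [<!ENTITY a "b">]><svg xmlns="http://www.w3.org/2000/svg"><text>&a;</text></svg>',
] as $sample) {
    echo svg_rejection_reason($sample) ?? 'accepted', "\n";
}
```

Because nothing is rewritten, a file either passes untouched or is refused with a reason, which is the trade-off the deny-first approach makes against sanitizing.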

Community
---------

Keep track of development and community news.

- Join us on Discord by [sponsoring us on GitHub](https://github.com/sponsors/roots)
- Join us on [Roots Discourse](https://discourse.roots.io/)
- Follow [@rootswp on Twitter](https://twitter.com/rootswp)
- Follow the [Roots Blog](https://roots.io/blog/)
- Subscribe to the [Roots Newsletter](https://roots.io/subscribe/)

### Health Score

47 (Fair), better than 93% of packages

- Maintenance: 71 (regular maintenance activity)
- Popularity: 41 (moderate usage in the ecosystem)
- Community: 13 (small or concentrated contributor base)
- Maturity: 50 (maturing project, gaining track record)
- Bus Factor: 1 (top contributor holds 75% of commits, a single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~16 days
- Total: 2
- Last Release: 301d ago

### Community

Maintainers: [retlehs](/maintainers/retlehs)

Top Contributors: [retlehs](https://github.com/retlehs) (6 commits), [QWp6t](https://github.com/QWp6t) (1 commit), [theMosaad](https://github.com/theMosaad) (1 commit)

Tags: svg, wordpress, wordpress-plugin, wordpress-svg

### Code Quality

- Tests: PHPUnit
- Code Style: Laravel Pint
