FAIR

Federated and Independent Repositories

MimeCraft MIME Unlocker

Plugin Banner

MimeCraft MIME Unlocker

by akashahmed29

Download
Description

MimeCraft MIME Unlocker helps you safely extend the default WordPress upload functionality by enabling additional file types such as SVG, JSON, fonts, and more.

WordPress restricts file uploads for security reasons. This plugin provides a user-friendly interface to manage allowed MIME types while maintaining security best practices.

Whether you’re a developer, designer, or site administrator, MimeCraft gives you control over file uploads—without editing code.

🔥 Features

📁 Extend Upload Support – Enable additional safe file types like SVG, JSON, fonts, and more.
🛠️ Custom MIME Types – Add your own MIME types with an easy-to-use interface.
⚡ Auto Save Settings – Changes are saved instantly without needing a manual save button.
🔄 Reset to Default – Restore default MIME settings anytime with one click.
🧰 Beginner Friendly – No coding required, simple and clean UI.
🔐 Security Focused – Blocks dangerous file types (e.g., executable and script files) to protect your site.

  1. Upload the plugin folder to /wp-content/plugins/.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  1. Settings Page

    Settings Page

What file types can I upload to WordPress by default?

By default, WordPress allows only a limited set of file types for security reasons. Learn more here:
https://codex.wordpress.org/Uploading_Files

Can I upload SVG files?

Yes, this plugin allows SVG uploads. For best security, ensure SVG files are sanitized before use.

Can I add custom MIME types?

Yes, you can add and manage custom MIME types directly from the plugin interface.

Does this plugin allow all file types?

No. For security reasons, dangerous file types such as executable or script files are blocked.

Will this plugin affect existing uploads?

No, it only controls which file types are allowed moving forward.

1.0.1

  • Security: Prevented upload of insecure MIME types (exe, js, apk, etc.) for non-admin users
  • Security: Added role-based upload control (unsafe file types allowed for admins only)
  • Security: Implemented real MIME type validation using finfo (anti-spoof protection)
  • Security: Added SVG sanitization to prevent XSS and malicious code injection
  • Fix: Resolved issue where default MIME types were not working when blocklist was enabled
  • Fix: Corrected invalid MIME type mappings (woff, xml, css, js, etc.)
  • Improvement: Improved validation and sanitization of custom MIME types
  • Improvement: Strengthened WordPress core file type verification using wp_check_filetype_and_ext filter

1.0.0

  • Initial Release
Back to top