I AM PROMETHEUS

I will not recap the ancient Greek legend about how Man learned to make fire. Anyone who doesn’t know it can go read Theogony or Prometheus Bound (personally I’m partial to Hesiod’s telling of the story). Today I learned how to unlock a very reasonable restriction on file uploads in multisite WordPress, and then passed that knowledge on to my web developers.


WordPress becomes quite a different animal when its multisite feature is enabled.

Among the “features” available is the restriction of filetypes that can be uploaded to sites. This is a global setting that appears in the Network Admin’s dashboard under Settings… Upload Settings. There you will find 3 configuration items: “Site Upload Space”, “Upload file types” and “Max upload file size”.

By default each of these is configured very conservatively. Site upload space is restricted to 10 MB and Max upload file size to 1500 KB (1.5 MB). File types?

jpg jpeg png gif mp3 mov avi wmv midi mid pdf

Oh, but what do you do if you work for an American company where just everyone who is anyone simply loves that mass distribution system for computer viruses, Microsoft Office?

Well, first you get management approval to change the default setting. Really.

Passing that hurdle, if you really want to allow other kinds of file types like those produced and read by the aforementioned mass distribution system for computer viruses (something I don’t recommend), you would add the following to the list:

doc docx xls xlsx ppt pptx

Depending on the operating platform for the web server hosting your WordPress sites, you may have to add MIME types to your web server configuration (e.g. create AddType directives in Apache’s httpd.conf) or modify the operative mime.types file (on Red Hat Enterprise Linux that would be /etc/mime.types). The former is the recommended best practice, but I’m partial to the latter because it means I should only have to make the change in one place. Just be aware that those changes might be overwritten during updates, upgrades and by badly behaved application installers.

Oh yes, and let me repeat that I don’t recommend doing this due to the potentially increased risk that your site could become a distribution hub for infected files (server antivirus, what server antivirus?).

NOTE: If you are going to do this, you really should set up an antivirus solution of some kind. See “Setting up clamav on a server” for one completely free and open source possibility. Although it isn’t going to be integrated with the WordPress upload code, it will at least reduce the risk of your becoming a long-term harbor for infected docs.

OK. I couldn’t resist.
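
A check that complements the antivirus scan described above, as an added example that is not part of the original post and not WordPress code: it confirms that every file carrying one of the six Office extensions really has the container format that extension implies, and flags a VBA macro project inside an OOXML package. The function names and the sample bytes are constructed for illustration; the uploads directory path is site-specific and passed as an argument.

```python
import io
import sys
import zipfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
OOXML_DIRS = {".docx": "word/", ".xlsx": "xl/", ".pptx": "ppt/"}  # expected main part
LEGACY_EXTS = {".doc", ".xls", ".ppt"}


def check_office_file(name, data):
    """Return findings for one upload; an empty list means content matches the extension."""
    ext = Path(name).suffix.lower()
    if ext in LEGACY_EXTS:
        ok = data.startswith(OLE2_MAGIC)
        return [] if ok else [f"{ext} file is not an OLE2 compound document"]
    if ext not in OOXML_DIRS:
        return []  # not one of the six Office extensions discussed in the post
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return [f"{ext} file is not a ZIP (OOXML) container"]
    findings = []
    if "[Content_Types].xml" not in members:
        findings.append("no [Content_Types].xml: not an OOXML package")
    if not any(m.startswith(OOXML_DIRS[ext]) for m in members):
        findings.append(f"no {OOXML_DIRS[ext]} part: content does not match {ext}")
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        findings.append("contains a VBA macro project (vbaProject.bin)")
    return findings


def audit_tree(root):
    """Walk an uploads directory; return {path: findings} for files that fail."""
    files = (p for p in sorted(Path(root).rglob("*")) if p.is_file())
    results = ((str(p), check_office_file(p.name, p.read_bytes())) for p in files)
    return {path: findings for path, findings in results if findings}


if __name__ == "__main__":
    if len(sys.argv) == 2:  # site-specific path to the uploads directory
        for path, findings in audit_tree(sys.argv[1]).items():
            print(f"{path}: {'; '.join(findings)}")
    else:  # no argument: run on constructed bytes that are not an Office file
        print(check_office_file("invoice.docx", b"constructed sample, not a ZIP"))
```

Legacy .doc, .xls and .ppt files are checked for their signature only, so macros inside them are still left to the antivirus scanner.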