Why does Wordpress not permit svg image files by default?


Staff member
Why can't I upload SVG image files to Wordpress(4.2.2) by default? when you try you get the message:

Sorry, this file type is not permitted for security reasons.

I know this problem has been around for a while, and I've used this solution in the past, from <a href="https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/" rel="nofollow">https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/</a>, :

function cc_mime_types($mimes) {
  $mimes['svg'] = 'image/svg+xml';
  return $mimes;
add_filter('upload_mimes', 'cc_mime_types');

But what are the security implications of allowing this behaviour and why has it been disabled by default?