Pluggies SVG

Upload SVG files to the Media Library securely, with automatic sanitization.

What it’s for

Pluggies SVG allows you to upload SVG files (vector images, such as logos and icons) directly to the Media Library of WordPress. Normally, WordPress blocks SVGs because they can contain potentially dangerous code: this plugin enables them and, at the same time, automatically cleans every file upon upload, removing risky parts.

In practice, you get the best of both worlds: you can use your vector images anywhere on the site (they are lightweight and remain sharp at any size) without exposing yourself to the typical security risks of SVG files.

Requirements

For the plugin to work correctly, it requires:

  • WordPress version 6.4 or later;
  • PHP version 8.0 or later.

If you are unsure about the versions in use on your site, you can find them in the WordPress dashboard under Tools → Site Health → Info. If in doubt, ask your hosting provider.

Installation and activation

Pluggies SVG is a free plugin. Once installed and activated from the Plugins page of your dashboard, it is immediately operational: there is no need to enter any license or configure anything to get started.

The plugin receives automatic updates from the Pluggies store: when a new version is released, you will see it appear as an available update in your dashboard, just like other WordPress plugins.

How to use it

As soon as it is activated, the plugin allows you to upload SVGs. By default, this capability is reserved for the Administrator role only: you can modify this in the settings.

Where are the settings

In the WordPress dashboard, open the Pluggies menu and select the option dedicated to SVG (the page is titled Pluggies SVG — Settings).

Choosing who can upload SVGs

On the settings page, you will find a list of the roles on your site (Administrator, Editor, Author, etc.), each with a checkbox. To enable a role to upload SVG files:

  1. check the box next to the desired role (you can select more than one);
  2. click Save Changes.

Keep in mind an important condition: in addition to being indicated here, the role must also have permission to upload files to the Media Library. In WordPress, this means Author role or higher. Checking a role that cannot upload files (such as Subscriber) will have no practical effect.

Uploading an SVG from the Media Library

Once your role is enabled, you can upload an SVG just like any other image:

  1. go to Media → Add New (or use the Upload Files button while editing a page or post);
  2. drag the .svg file or select it from your computer;
  3. wait for the upload to complete: the file is automatically cleaned during this phase.

After uploading, the SVG appears in the Media Library with its preview and can be used like a normal image, for example, as the site logo.

Automatic sanitization (what is removed and why)

Every SVG you upload is analyzed and “cleaned” before being saved. An SVG file is actually a text document that can hide executable instructions: allowing them to pass would expose the site to attacks (for example, executing unwanted code in the browser of visitors). For this reason, the plugin automatically removes dangerous parts while keeping the design intact. Specifically, the following are removed:

  • embedded scripts and executable content (e.g., <script> blocks);
  • content that loads other material from outside, such as <iframe>, <object>, <embed>, <foreignObject>, and audio/video tags;
  • “event handlers” (attributes that start with on, such as onload or onclick);
  • links that attempt to execute code, such as those using javascript:;
  • initial declarations that could be exploited for advanced attacks (DOCTYPE and external entities).

All of this happens automatically, without you having to do anything. In the vast majority of cases, logos and icons do not contain this type of code, so you will not notice any visual difference in the image.

Frequently Asked Questions

Is it safe to upload SVGs with this plugin?

Yes. The plugin is designed specifically to make the use of SVGs safe: every file is automatically cleaned upon upload, removing potentially dangerous parts. Additionally, the ability to upload SVGs is limited to the roles you decide (by default, only Administrator), further reducing risks. As a good practice, still upload SVG files from trusted sources.

Why is an SVG rejected during upload?

The upload can be canceled in some cases: the file is empty; it is not actually a valid SVG; or, after automatic cleaning, it is no longer a recognizable SVG image (usually because it contained almost only unsafe code). In these cases, WordPress shows an error message and the file is not saved. The solution is to recreate or re-export the SVG from a reliable graphic program and try again.

Who can upload SVG files?

Only users whose role you have enabled in the plugin settings. By default, it is allowed only for the Administrator. Remember that, in addition to being selected in the settings, the role must also have the normal permission to upload files in WordPress, meaning it must be Author or higher. Those who are not authorized, if they try to upload an SVG, will receive a message informing them that they do not have the necessary permissions.

I uploaded the SVG but the preview is not visible

The plugin is already set up to show the preview of SVGs in the Media Library and to manage their sizes. If you do not see the image, first try to reload the page while clearing your browser cache. Then check that the SVG has defined dimensions within it (the viewBox attribute or width and height): a file lacking this information may appear invisible or have zero size. Finally, if you are using a caching plugin or a CDN, try clearing its cache.

Do I need to configure anything immediately after activation?

No. Immediately after activation, uploading SVGs is already active for the Administrator, and every file is automatically cleaned. Open the settings only if you want to extend permission to other roles.

Pluggies SVG Want to install it or buy a license?
Go to plugin page