SVG uploads,
done safely.
Safe SVG enables SVG uploads to the WordPress Media Library and sanitizes every file on upload. Dangerous tags and attributes are stripped before the file is saved. Nothing harmful gets through.
Every SVG is sanitized before it reaches disk
The well-known enshrined/svg-sanitize library is bundled with the plugin and runs on every upload. No extra setup, no network calls, no third parties.
Upload as normal
SVG and SVGZ files appear in the allowed upload types. Drag them into the Media Library or upload through any upload field, just like a JPEG.
Sanitizer runs
Every file is scanned against an allowlist of safe SVG tags and attributes. Anything outside the allowlist is stripped. SVGZ files are unzipped, sanitized, then zipped again.
Clean file saved
Only the sanitized file is written to disk. WordPress metadata, previews, and dimensions are set correctly so the file behaves like any other Media Library attachment.
Everything you need for SVG in WordPress
Automatic sanitization
script tags, foreignObject, and other dangerous elements are stripped from every SVG on upload. Files cannot bypass the sanitizer.
Per-role upload control
Pick which user roles can upload SVG files. Leave all unchecked for open access, or restrict to specific roles for tighter control.
Correct Media Library previews
SVG thumbnails and dimensions are fixed so they appear correctly in the Media Library grid and list views, not as broken or missing images.
Safe SVG block
A block in the Design category lets you pick any SVG from the Media Library and inline it into the page. Inline SVG is what you need to style or animate it with CSS.
Developer filters
Ten filters let you override the allowed tag list, attribute list, upload permissions, inline block markup, and SVGO optimiser settings.
Drop-in upgrade
Option keys and the upload capability match the original Safe SVG plugin exactly. Upgrading from the original plugin keeps all your settings and existing SVG blocks keep rendering.
Safe SVG uploads, today
Download Safe SVG and enable SVG uploads in WordPress without opening your site to vulnerabilities.