lwplugins/lw-enable

Enable WordPress features: SVG uploads and more.

Maintainers

Details

github.com/lwplugins/lw-enable

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Type:wordpress-plugin

pkg:composer/lwplugins/lw-enable

v1.0.4 2026-02-08 10:10 UTC

Requires

Requires (Dev)

GPL-2.0-or-later 006a46dbd2563b33f5d8716d9733ede5a07198c4

This package is auto-updated.

Last update: 2026-02-08 10:10:31 UTC

README

Enable WordPress features: SVG uploads and more.

Packagist PHP WordPress License

Features

Media

  • SVG Uploads - Allow SVG file uploads with comprehensive security sanitization
    • MIME type registration
    • Script/XSS detection and blocking
    • XXE (XML External Entity) protection
    • Event handler detection
    • Obfuscation detection (Unicode/hex escapes, entity encoding)
    • Automatic SVG dimension extraction (width/height and viewBox)
    • 5MB file size limit
    • Post-upload re-validation

Installation

composer require lwplugins/lw-enable

Or download and upload to /wp-content/plugins/.

Usage

Admin UI

  1. Go to LW Plugins → Enable
  2. Check the features you want to enable
  3. Save

WP-CLI

# List all features and their status
wp lw-enable list

# Enable a feature
wp lw-enable enable svg

# Disable a feature
wp lw-enable disable svg

# Enable all features at once
wp lw-enable enable-all

# Disable all features (restore defaults)
wp lw-enable disable-all

Available features:

Feature Description
svg SVG file uploads with security sanitization

Security

SVG files can contain malicious code. This plugin performs comprehensive sanitization before allowing uploads:

  • 34 dangerous patterns detected (scripts, event handlers, external entities, data URIs, etc.)
  • Entity decoding to catch obfuscated payloads
  • XML validation via DOMDocument
  • Post-upload verification - files are re-checked after WordPress processes them
  • Automatic cleanup - invalid files are deleted immediately

Links