Enable SVG Support in WordPress

WordPress enables users to upload quite a few different kinds of image files. You’ll likely recognize the usual suspects, such as PNG and JPG. Displaying other file types, such as vector graphics, can be more problematic. 

Fortunately, there are a few ways to incorporate vector files into your website. While not a native feature, Scalable Vector Graphics (SVG) files can be used to display two-dimensional images on WordPress sites. With a little reconfiguring, you’ll be able to optimize some of your logos and other graphics using this file type. 

Note: If you are hosting with WP Engine we natively support GZIP compression on SVG files.

In this article, we’ll learn more about what SVG files are and why you might want to use them. Then we’ll walk through two ways to enable their use on your website. We’ll also cover some important security precautions you may want to take. Let’s get started! 

What Is an SVG?

An SVG file is a type of vector image. Vector files are composed differently than more common image file types. For example, a JPG is made up of thousands of pixels. With an SVG file, on the other hand, that is not the case. 

Vector images are more like a set of written instructions. They don’t contain pixels that form a larger image. Instead, they include a schema-like set of data that creates a two-dimensional image. This means there are some unique benefits to using SVG files. 

Why Use SVG?

SVGs have a number of perks. Since they are highly scalable, you can manipulate the size as needed without impacting the quality of the image. As you might know all too well, if you try to scale a JPG up in size, the quality degrades to an unusable level very quickly.

That’s where SVGs can come in handy. While they aren’t meant for displaying traditional photographs, they are a great choice for business logos, icons, and other simple graphics on your website.

Additionally, SVG files tend to be significantly smaller than other image types. This means your site won’t get bogged down by graphics. What’s more, SVG files are indexed by Google, and have been for quite some time. This can be a real boon for your site’s Search Engine Optimization (SEO). 

How to Upload an SVG to WordPress

Since WordPress doesn’t include support for SVGs out of the box, you’ll have to work a little harder to include them on your website. In the next few sections, we’ll go over how to add SVG files to your website with a plugin and via a manual process.

Method 1: Use a Plugin

As with many WordPress tasks, plugins can make enabling SVG support simple. All you have to do is pick the right tool and configure a few settings.

Step 1: Download the Plugin

First, you’ll need to download and install an SVG plugin. We recommend SVG Support: 

Once you’ve installed and activated the plugin, you’ll have a new menu option in your WordPress dashboard under Settings > SVG Support. There, you will receive instructions on how to style SVG files for your website:

Additionally, you’ll be able to configure a few important administrative settings. This includes restricting SVG uploading privileges to administrators only: 

After that, you’ll be able to upload SVG files directly to your Media Library. However, there are a few other important items to take care of first. 

Step 2: Enable GZip support of SVG Files on Your Server

How you approach this step will depend on your web host and server setup. For example, here at WP Engine, GZip is already enabled for a specific list of file types. With that being said, “image/svg+xml” is not one of them. 

Adding this type to the list for your website will ensure that your SVG files are optimized appropriately and quickly. You’ll need to include this file type in your .htaccess file, in order for everything to run smoothly.

Step 3: Ensure That the Plugin Is Correctly Securing Files

One of the downsides to using SVG files, and the primary reason this file type has not yet been incorporated into WordPress core, is due to security issues. Since SVG files are XML-based, they are vulnerable to External Entity attacks, among other risks.

When you configure your SVG plugin, it’s recommended that you limit SVG upload access to administrators only. However, an even more secure approach is to ‘sanitize’ your SVG files before you upload them. This eliminates any of the unnecessary XML code that might leave your site open to attacks. 

The SVG Support plugin does not include automatic sanitization, but there are other plugins that do. Safe SVG is one of them:

Alternatively, you can also install your own sanitizer and use it independently. The creator of Safe SVG has provided the plugin’s sanitizer code on GitHub, for anyone to use.  

Having your own sanitizer in place is also a good option if you plan to use the next method for enabling SVGs on your WordPress website. 

Method 2: Manually Enable SVG File Uploads

If you prefer getting your hands dirty to using a plugin, you can manually enable your WordPress site to accept SVG files. Next, we’ll take a look at how that process works.

Step 1: Edit Your Site’s Functions.php File

To get started, you’ll need to edit your website’s functions.php file. To do this, you can go to Appearance > Edit Themes in your dashboard, and select the functions.php file: 

Alternatively, you can access your site’s files using a File Transfer Protocol (FTP) application such as FileZilla.

Either way, it’s best to create a child theme or switch to a development environment before doing any major work on your website. This will keep your live site safe from harm while you’re making changes.

Step 2: Add a Code Snippet

Next, you’ll need to add the following snippet of code to your functions.php file: 

// Allow SVG
add_filter( 'wp_check_filetype_and_ext', function($data, $file, $filename, $mimes) {

  global $wp_version;
  if ( $wp_version !== '4.7.1' ) {
     return $data;
  }

  $filetype = wp_check_filetype( $filename, $mimes );

  return [
      'ext'             => $filetype['ext'],
      'type'            => $filetype['type'],
      'proper_filename' => $data['proper_filename']
  ];

}, 10, 4 );

function cc_mime_types( $mimes ){
  $mimes['svg'] = 'image/svg+xml';
  return $mimes;
}
add_filter( 'upload_mimes', 'cc_mime_types' );

function fix_svg() {
  echo '<style type="text/css">
        .attachment-266x266, .thumbnail img {
             width: 100% !important;
             height: auto !important;
        }
        </style>';
}
add_action( 'admin_head', 'fix_svg' );

After that, you’ll be able to upload SVG images to your Media Library. There, you can view and interact with them just like with other image file types. 

Step 3: Secure Access and Limit SVG Upload Permissions

As we mentioned earlier, enabling SVG files does involve certain risks. To keep your site safe, you can set upload permissions for SVGs by creating custom user roles. You can use a plugin such as User Role Editor or WPFront User Role Editor to accomplish this. 

These plugins enable you to customize the access and permission levels for your existing user roles. In other words, they’ll let you designate which users will have permission to upload SVGs. This will help you keep tabs on the security of those files. 

Stay Secure With WP Engine

Natively, WordPress does not enable the use of SVG files. That’s unfortunate, since these files tend to be the best option for displaying logos and other graphics. The good news is that with the help of some of our favorite developer resources, you’ll be able to enable and secure the use of SVG files on your site. 

Plus, keep in mind that on our WordPress hosting plans, you’ll get access to professional support and well-developed website security solutions. Secure your site with us today!