[wp-edu] How to safely handle photo uploads by general public on a multisite

Dixie Lang ddlang at wisc.edu
Tue Jul 1 18:27:25 UTC 2014


Greetings fellow WordPress users,

I have three internal clients that could benefit from a smoother process to allow their clients to upload photos for diagnostic and identification purposes, e.g. identify bugs or diagnose turfgrass or plant problems.

All three WordPress sites are on a multisite, and all three currently have Gravity Forms contact forms. The upload limit is the same throughout the multisite - 6MB. This limit works for our current internal users.

The current method to protect the server is to have clients email the photos separately, and then the photos must be manually matched to the form information. 

I am concerned about two things regarding allowing file uploads from external users:
1) the possibility of malicious files being uploaded
2) the possibility of users uploading files at higher than 72dpi, and quickly filling up disk quota - I would prefer not to punish the internal users by lowering the disk quota across the multisite

Does anyone have insights to share on how to balance upload convenience, server safety and disk quota?

Thanks in advance for any guidance you are willing to share.

- Dixie Lang
------------------------
Web Developer
University of Wisconsin-Madison Russell Labs

