[wp-edu] How to safely handle photo uploads by general public on a multisite

Covello, Steve Steve.Covello at granite.edu
Tue Jul 1 19:04:14 UTC 2014

Consider looking at the Smushit plugin:


It's been taken over by WPMU, which is a good thing. I don't know if it can impose a file size limit, but it might at least automatize the optimizing process so that no one has to be "smart" about it.

- Steve
From: wp-edu [wp-edu-bounces at lists.automattic.com] on behalf of Caroline Meikle [cameikle at wisc.edu]
Sent: Tuesday, July 01, 2014 2:55 PM
To: wp-edu at lists.automattic.com
Subject: Re: [wp-edu] How to safely handle photo uploads by general public on a multisite

Hi Dixie,

It looks like Gravity forms has hooks and filters you could use to
create functions to limit the file types and maximum file size:

There are plugins that can do so as well:

Contact Form 7 also allows you to specify file types and sizes:



On 7/1/2014 1:27 PM, Dixie Lang wrote:
> Greetings fellow WordPress users,
> I have three internal clients that could benefit from a smoother process to allow their clients to upload photos for diagnostic and identification purposes, e.g. identify bugs or diagnose turfgrass or plant problems.
> All three WordPress sites are on a multisite, and all three currently have Gravity Forms contact forms. The upload limit is the same throughout the multisite - 6MB. This limit works for our current internal users.
> The current method to protect the server is to have clients email the photos separately, and then the photos must be manually matched to the form information.
> I am concerned about two things regarding allowing file uploads from external users:
> 1) the possibility of malicious files being uploaded
> 2) the possibility of users uploading files at higher than 72dpi, and quickly filling up disk quota - I would prefer not to punish the internal users by lowering the disk quota across the multisite
> Has anyone have insights to share on how to balance upload convenience, server safety and disk quota?
> Thanks in advance for any guidance you are willing to share.
> - Dixie Lang
> ------------------------
> Web Developer
> University of Wisconsin-Madison Russell Labs
> _______________________________________________
> wp-edu mailing list
> wp-edu at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-edu

Caroline Meikle
Database Programmer
UW-Madison Institute on Aging
Midlife Development in the United States (MIDUS) Project
Information Processing Consultant
UW-Madison Soil Science Department
Community and Regional Food Systems Project
cameikle at wisc.edu  | 608-358-0485
I check my email 8am-5pm CST Monday-Friday,
excluding holidays, sick days, and time off.
If you email me outside of those times,
I will reply within 48 hours of the following business day.

wp-edu mailing list
wp-edu at lists.automattic.com

More information about the wp-edu mailing list