Mission Briefing
AODN Free SVG Upload — Safe SVG Uploads for WordPress, No Cost, No Catch
AODN Free SVG Upload is a free WordPress SVG upload plugin that lets you safely upload SVG files to your Media Library with automatic sanitization. Every SVG is parsed, scrubbed of malicious code, and saved clean — before it is ever written to disk on your server. Role-based upload control, proper Media Library previews, and automatic updates. Free forever. No upsell. No subscription. No strings.
Download Free — Just Enter Your Email
- Whitelist-based SVG sanitization — only safe elements and attributes survive
- Role-based upload control — choose exactly which user roles can upload SVGs
- Media Library previews — SVGs display as actual images, not generic icons
- Automatic updates — new versions delivered straight to your WordPress dashboard
- Free forever — no paid tier, no feature gating, no “upgrade to Pro” nags
See It in Action
60-second walkthrough: SVG upload, sanitization, media library integration, and settings overview.
WordPress Blocks SVG Uploads by Default — Here Is Why That Matters
SVG files are not images. They are XML documents. That means they can contain <script> tags, event handlers like onclick, embedded <iframe> elements, and external resource calls that phone home to an attacker’s server. WordPress knows this, which is why it blocks SVG uploads entirely out of the box.
But you need SVGs. Your logo is an SVG. Your icons are SVGs. Your designer hands you SVG files because they scale perfectly at any resolution and weigh a fraction of what a PNG does. So you search for a plugin to enable SVG uploads — and most of what you find either does not sanitize at all or charges you annually for the privilege.
AODN Free SVG Upload solves this without costing you a dime. It enables SVG uploads, sanitizes every file on upload using a whitelist-based DOMDocument parser, and gives you role-based control over who can upload them. The entire thing is free, and it stays free.
How the Sanitizer Works
When you upload an SVG through the WordPress Media Library, AODN Free SVG Upload intercepts the file before it is saved to disk. Here is what happens next:
Step 1: Pre-Parse Cleanup
DOCTYPE declarations are stripped to prevent XXE (XML External Entity) attacks. Processing instructions and CDATA sections that could smuggle malicious content are removed. If the file does not contain a valid <svg> element, it is rejected outright.
Step 2: Element Whitelist
The sanitizer walks every node in the DOM tree. Any element not on the explicit whitelist is removed — no exceptions. The whitelist includes all standard SVG elements you actually use: <svg>, <path>, <rect>, <circle>, <g>, <defs>, <use>, gradients, filters, text, and animations. Dangerous elements like <script>, <iframe>, <foreignObject>, and <embed> are blocked.

The plugin settings page — role-based SVG upload control with real-time security status.
Step 3: Attribute Scrubbing
Every attribute on every element is checked against an attribute whitelist. All on* event handlers (onclick, onload, onmouseover, etc.) are stripped. Dangerous URI schemes in href and xlink:href attributes — javascript:, data:, vbscript:, blob:, file: — are removed. Style attributes are checked for expression() and dangerous url() references while preserving safe internal references like url(#gradient).
Step 4: Final Validation
After sanitization, a final regex check confirms no <script> tags or event handlers survived the process. If anything suspicious remains, the upload is blocked entirely. What passes through is a clean SVG — all visual elements intact, every known attack vector removed.
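The four steps above, sketched as an added PHP example. This is not the plugin's source code: the function name sanitize_svg_example, the two short allowlists, and the sample SVG are assumptions made up for illustration.

```php
<?php
// Added illustration, not the plugin's code; both allowlists are short hypothetical stand-ins.
const ALLOWED_ELEMENTS = ['svg', 'g', 'defs', 'use', 'path', 'rect', 'circle',
    'lineargradient', 'stop', 'text', 'title'];
const ALLOWED_ATTRS = ['id', 'class', 'd', 'x', 'y', 'cx', 'cy', 'r', 'width',
    'height', 'viewbox', 'fill', 'stroke', 'transform', 'offset', 'stop-color',
    'style', 'href', 'xlink:href', 'xmlns', 'xmlns:xlink'];
function sanitize_svg_example(string $raw): ?string
{
    // Step 1: strip DOCTYPE (incl. internal subset), processing instructions, CDATA.
    $raw = preg_replace(['/<!DOCTYPE[^>\[]*(\[.*?\])?[^>]*>/is', '/<\?.*?\?>/s',
        '/<!\[CDATA\[.*?\]\]>/s'], '', $raw);
    if ($raw === null || trim($raw) === '') { return null; }
    $doc = new DOMDocument();
    // LIBXML_NONET forbids network fetches; entity substitution stays off.
    if (!@$doc->loadXML($raw, LIBXML_NONET)
        || strtolower($doc->documentElement->nodeName) !== 'svg') {
        return null; // not well-formed, or the root is not <svg>
    }
    // Steps 2 and 3: walk a static snapshot so removals do not skip nodes.
    foreach (iterator_to_array((new DOMXPath($doc))->query('//*')) as $el) {
        if (!in_array(strtolower($el->nodeName), ALLOWED_ELEMENTS, true)) {
            $el->parentNode->removeChild($el);
            continue;
        }
        // false = ignore keys, so href and xlink:href cannot overwrite each other.
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            // The DOM has already decoded entities; drop whitespace and control chars.
            $value = preg_replace('/[\s\x00-\x1f]+/', '', strtolower($attr->value));
            $isLink = $name === 'href' || $name === 'xlink:href';
            if (!in_array($name, ALLOWED_ATTRS, true)
                || strncmp($name, 'on', 2) === 0
                || ($isLink && preg_match('/^(javascript|data|vbscript|blob|file):/', $value))
                || ($name === 'style' && preg_match('/expression\(|url\((?![\'"]?#)/', $value))) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    // Step 4: final regex check; fail closed if anything suspicious survived.
    $out = $doc->saveXML($doc->documentElement);
    return ($out === false || preg_match('/<script|\son\w+\s*=/i', $out)) ? null : $out;
}
// Constructed sample input, made up for this example.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 10 10">'
    . '<script>alert(1)</script><rect width="10" height="10" onclick="x()"/>'
    . '<use xlink:href="JavaScript:void(0)"/><use xlink:href="#shape"/></svg>';
echo sanitize_svg_example($sample) ?? 'rejected', PHP_EOL;
```

The final regex can also match ordinary text content that happens to look like an attribute assignment; in that case the upload is rejected rather than passed through.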
What Is Included — Every Feature, No Paywall
- Whitelist-based DOMDocument sanitization — server-side parsing using PHP’s native XML parser. No external API calls. Nothing leaves your server.
- 40+ allowed SVG elements — shapes, gradients, filters, animations, text, markers, and clipping paths all preserved.
- 90+ allowed attributes — presentation attributes, transforms, accessibility attributes, and data attributes pass through.
- 14 dangerous element categories blocked — <script>, <iframe>, <embed>, <object>, <foreignObject>, <applet>, and more.
- All event handlers stripped — every on* attribute removed from every element.
- Dangerous URI scheme blocking — javascript:, data:, vbscript:, blob:, and file: protocols blocked in href attributes.
- XXE attack prevention — DOCTYPE and ENTITY declarations stripped before parsing.
- Role-based upload control — settings page lets you choose which roles can upload SVGs. Administrator-only by default.
- Media Library SVG previews — SVGs display as actual images in grid and list views, not generic file icons.
- SVG dimension extraction — width and height are read from the SVG’s viewBox or dimension attributes and stored in WordPress metadata.
- Automatic updates — new versions are delivered through your WordPress dashboard, same as any plugin from wordpress.org.
- Clean uninstall — removing the plugin deletes all its options and transients. Your database stays clean.

SVG files display as real image thumbnails in the WordPress Media Library — not generic file icons.
How It Compares to the Alternatives
| Feature | AODN Free SVG Upload | Safe SVG (Free) | SVG Support Pro ($39/yr) |
|---|---|---|---|
| SVG sanitization | Yes — whitelist | Yes | Yes |
| Role-based upload control | Yes | No | Yes |
| Media Library previews | Yes | Yes | Yes |
| XXE attack prevention | Yes | Partial | Yes |
| foreignObject blocking | Yes | Yes | No |
| Auto-updates | Yes | Via wordpress.org | Yes |
| Price | $0 — Free forever | Free | $39/year |
Safe SVG is a solid free plugin. It does sanitize. But it gives every user role unrestricted SVG upload access — there is no way to limit it to administrators or editors only. On a multi-author site, a membership site, or a WooCommerce store with vendor accounts, that is an open door. AODN Free SVG Upload ships with role-based control from day one.
SVG Support Pro costs $39 per year. For uploading SVGs. If you manage five sites, that is $195 annually for a feature that should have been free. We built the free alternative so you do not have to rent basic functionality.
Who This Is For
Solo site owners and bloggers who need to upload SVG logos, icons, and illustrations without worrying about security. Install it, upload your SVGs, done.
Freelancers and agencies building client sites who need SVG support without adding another subscription to the project cost. Free means free on every site you build.
Multi-author WordPress sites where you want SVG uploads limited to administrators only — or extended to editors when appropriate. The settings page puts you in control.
Anyone tired of paying annually for a basic WordPress utility. SVG upload support should not be a subscription product. We agree.

SVG details panel showing proper dimensions, file size, and visual preview in the Media Library.
Technical Requirements
- WordPress: 6.0 or higher
- PHP: 7.4 or higher (PHP 8.x fully supported)
- PHP Extension: DOMDocument (enabled by default on virtually all hosts)
- Tested up to: WordPress 6.9
- External Dependencies: None
Frequently Asked Questions
Is this really free? What is the catch?
There is no catch. AODN Free SVG Upload is free, open-source (GPL v2), and will stay free. We build WordPress plugins because we think basic utilities should not cost $39 per year. If you want advanced features like configurable file size limits, inline SVG rendering, and SVG badges in your media grid, check out Secure SVG Pro for a one-time $19 purchase.
Is this safe to use on a production site?
Yes. The plugin was tested by 7 independent AI models across 3 review rounds before release. Every SVG uploaded through this plugin is parsed by PHP’s DOMDocument, checked against a strict element and attribute whitelist, and scrubbed of all known attack vectors — including script injection, XXE attacks, event handlers, and dangerous URI schemes.
How do I get updates?
Updates are delivered automatically through your WordPress dashboard, the same way any plugin updates. When a new version is available, you will see the update notification in your Plugins page and can update with one click.
Can I control which user roles can upload SVGs?
Yes. Go to Settings > AODN SVG Upload in your WordPress dashboard. You can enable or disable SVG uploads for each user role individually. By default, only Administrators can upload SVGs.
Will this break my existing SVGs?
No. The sanitizer preserves all visual SVG elements — shapes, gradients, filters, animations, text, clipping paths, and transforms. Only dangerous elements and attributes are removed. Your SVGs will look exactly the same after sanitization.
What is the difference between this and Secure SVG Pro?
AODN Free SVG Upload covers the essentials: sanitization, role-based control, and Media Library previews. Secure SVG Pro ($19, one-time) adds configurable file size limits, inline SVG rendering via wp_kses, SVG badges in the media grid, metadata stripping, and deeper CSS attack surface coverage. Both are lifetime purchases with no subscription.
Download AODN Free SVG Upload — Zero Cost, Zero Risk
Your site needs SVGs. WordPress blocks them for good reason. This plugin lets you upload them safely — with real sanitization, real access control, and real Media Library integration. And it is completely free.
Enter your email below, and the download link is yours. We will only email you about critical security updates — nothing else.
Download Free — Enter Your Email
Looking for more? Secure SVG Pro adds file size limits, inline rendering, and deeper attack surface coverage for $19 — one-time, no subscription.