Media File Limiter is a lightweight and efficient plugin designed to strengthen your WordPress upload security.
It limits the maximum upload file size (in MB) and blocks specific dangerous file extensions (e.g., .exe, .php, .html, .js), preventing malicious or oversized files from being uploaded to your media library.
Unlike traditional file validation, this plugin operates at the earliest possible stage of the upload process via the wp_handle_upload_prefilter hook, ensuring that dangerous files are blocked before WordPress processes them.
Key Features Set a custom maximum upload size (in MB).
Define forbidden file extensions (comma-separated).
Displays current PHP/WordPress upload limits for reference.
Early-stage security enforcement — before files reach media processing.
Fully translatable and internationalized (media-file-limiter text domain).
Compatible with multisite environments.
Why This Plugin? WordPress allows large files and executable extensions under certain misconfigurations, which can lead to:
Server performance degradation.
Potential remote code execution (RCE) risks.
Media library clutter and upload errors.
Media File Limiter addresses these issues with a simple, configurable interface under the WordPress “Settings → Media Limit” page.
License
This plugin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version.
This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Additional Notes
The plugin follows WordPress Coding Standards (WPCS).
All options use the Settings API (register_setting / add_settings_field).
Security first: early execution priority (wp_handle_upload_prefilter, priority 1).
Uninstall hook (register_uninstall_hook) ensures full cleanup.