This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

This plugin has been closed and is no longer available for download.

Front End Upload


Uploading files should be considered risky

This plugin will facilitate uploading files to your server, which by nature should be considered risky.

MAKE SURE you have taken the proper precautions in protecting your uploads folder from prying eyes and malicious
intent. At the very least make sure you’ve uploaded an empty index.html or index.php to prevent directory listing.
Front End Upload takes a number of precautions to hopefully prevent unwanted file uploads but please be mindful that
server configuration can help prevent unwanted outcomes.


  • The Front End Upload Options screen


  1. Prevent directory listing of your uploads directory (e.g. add index.html or index.php to wp-content/uploads)
  2. Ensure proper security measures are taken to prevent code execution (e.g. add php_flag engine off to .htaccess
    within wp-content/uploads)
  3. Implement other security measures you feel necessary to protect your wp-content/uploads directory from prying eyes
    or malicous intent
  4. Upload the front-end-upload folder to your /wp-content/plugins/ directory
  5. Activate the plugin through the ‘Plugins’ menu in WordPress
  6. Edit your options under Settings > Front End Upload
  7. Place [front-end-upload] in the editor where you would like the uploader to appear
  8. Customize your CSS

Contributors & Developers

“Front End Upload” is open source software. The following people have contributed to this plugin.


Translate “Front End Upload” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Updated Plupload to version 1.5.5


  • Refactored the way file storage happens. Uploaded files are now obscured and
    downloads are routed through the plugin so as to help prevent unwanted execution of uploaded files
  • Elaborated installation instructions

  • Fixed a JavaScript issue that submitted the form too soon preventing accurate file
    locations from being sent in the resulting email in certain browsers
  • Fixed an issue where a false positive security check would prevent files from saving

  • Additional security precautions to better validate submissions (props Chris Kellum)

  • Additional security precautions to better validate submissions to upload.php

  • Added in additional file extension check

  • Further security enhancement to better obfuscate file locations


  • Fixed a security threat that allowed for potential code execution. Upgrade right away. This was not an issue in Front End Upload Pro.


  • Updated Polish translation
  • Better handling of larger uploads in Safari
  • Tested with WordPress 3.4RC1


  • Added a unique hash to the destination directory that will increase security by obscurity
  • Upgraded Plupload to 1.5.4


  • Removed a rogue PHP short open tag (props wzielins)
  • Updated file paths to accommodate multisite
  • Upgraded Plupload to 1.5.2


  • Fixed potential issue(s) with directory/URL definition (props
  • Disabled unique filename requirement


  • Added {@ip} to the available message tags
  • Added more opportunities for localization


  • Completely changed the way uploads are handled. They are no longer sent to the WordPress Media library and are instead stored in a subdirectory of ~/wp-content/uploads/
  • If a passcode is set, it must now be entered before any uploading can take place
  • Email validation takes place via JavaScript prior to the upload beginning
  • Support for large files has been added


  • Added custom mime types to the options screen
  • Fixed potential issue with unset max file size


  • Initial release