
How to Protect File Uploads to WordPress Automatically

By James Tredwell on September 27, 2021

Whatever type of website you run, you probably need a way for visitors to upload files. These might be a screenshot of a problem they hit while using your product or a Microsoft Word file of their guest post.

Unfortunately, WordPress doesn’t allow file submission by default. You have to seek help from file upload plugins.

In some cases, your uploaded files from the front end may contain users’ private information. They should be protected so unauthorized people won’t be able to access or view them.

In this article, we’ll walk you through how to allow file uploads from visitors and how to secure them efficiently. But before digging into the detailed guides, let’s discuss the types of websites that need file upload capability the most.

When You Need File Uploads on Your WordPress Site

Here are the most common cases when WordPress file upload plugins come in handy. 

  • Job portal – You’re running a job agency website to collect applications. The best way is to create application forms for candidates to submit their resume files. They can also include other important documents such as Reference Letters, Certificates, and CVs.
  • Guest post websites – You want experts to share their experience about a specific niche and contribute to your blog via guest posts. A submission form with a required file upload field forces visitors to provide their portfolios and an outline of their post beforehand. In this way, you can reduce the rate of spam submissions.
  • Giveaway award confirmation – Let’s say you organize a design contest. You can create a form with an option for participants to send their designs directly to your site. As a result, you don’t have to worry about your inbox being flooded with participants’ emails.
  • Banking websites – This type of website also needs a file upload plugin so users can provide files with their credential information, including identity, address, and income proof.
  • Feedback and support – Users and customers may have issues when using your products. To understand their problems and provide suitable support, you need at least one screenshot describing the issue. A file upload field in the support contact form makes it easy for users to report their issues.

How to Allow File Uploads in WordPress

There are a lot of plugins that let you create an option for users to upload files to your site. Among them, Contact Form 7 stands out from the crowd as one of the free and robust contact form plugins that support file uploads at its core. Its more than 5 million users around the world and more than 1.3k 5-star reviews say it all.

The plugin primarily enables you to build forms anywhere on your WordPress site. Its simple markup makes it easy for you to customize your forms in just a few minutes. 

On top of that, unlike other contact form plugins that require you to pay an extra amount for file upload extension, Contact Form 7 lets you add a file upload field to your form for free.

Follow these 2 steps to get started with the plugin:

Step 1: Install and Activate Contact Form 7 Plugin

1. Log into your WordPress admin dashboard and go to Plugins → Add New


2. Type “Contact Form 7” in the keyword box to search for the plugin

3. Install and activate the plugin

Step 2: Create a Form for File Upload

Upon activation, the plugin will be added to your WordPress admin navigation menu as the Contact section. You can add a new form by going to Contact → Add New. The next step is to name your form.

Then, click on options under the Form tab to add different fields to your form. You should add basic fields such as Name, Email, Subject, Message to the form. Anytime you press a field button, it will show a popup allowing you to adjust the field. Click Insert Tag to add that field to the form.

Click on the File option and follow the same process as you did for the previous fields.

Now it’s time to enter the acceptable file types in the popup, as well as the file size limit. Click Insert Tag to include the file upload field in your form and you’re ready for the next step.

Step 3: Add Your Contact Form to a Page

When you finish creating a simple file upload form, it’s time to add it to your WordPress pages or posts. All you need to do is copy the form shortcode in the form you have just created and paste it into your desired page. 

This is how your page looks with a file upload form created by Contact Form 7:

Protect WordPress File Uploads Automatically

You might not notice it, but file upload fields are among the most attractive targets for hackers and malware. Attackers can upload executable code as PHP or JavaScript files. Consequently, these harmful files can quickly bring your site down.

Believe it or not, attackers took advantage of a Contact Form 7 file upload security flaw, called “the unrestricted file upload vulnerability,” in December last year.

In brief, the vulnerability caused WordPress sites to accept some blacklisted file formats, such as PHP or ASP. Not only did these files execute commands and functions on your site, but they also spread malicious scripts to the WordPress uploads folder.

Wordfence estimated that over 10 million WordPress sites had suffered from that attack. Luckily, Contact Form 7 released a security patch to fix it right off the bat.
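
An added example, not part of the original article or of any plugin it mentions: a Python audit that walks a WordPress uploads folder and reports files whose names carry a server-executable extension such as PHP or ASP in any position, not just at the end. The extension list, function names, and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list for this example: extensions a web server may execute or serve
# as active content. Adjust it to match your own server configuration.
RISKY_EXTENSIONS = {"php", "php5", "phtml", "phar", "asp", "aspx", "js"}


def classify_name(filename):
    """Return the reasons a file name looks suspicious (empty list if none)."""
    reasons = []
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in filename):
        reasons.append("control character in name")
    # Inspect every dot-separated segment after the first, not only the last,
    # so a risky extension hidden in the middle of the name is still reported.
    for segment in filename.lower().split(".")[1:]:
        if segment.strip() in RISKY_EXTENSIONS:
            reasons.append(f"risky extension .{segment.strip()}")
    return reasons


def audit_uploads(root):
    """Walk root and return {relative_path: [reasons]} for suspicious files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reasons = classify_name(name)
            if reasons:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings[rel.replace(os.sep, "/")] = reasons
    return findings


def build_sample_tree(root):
    """Create a small constructed uploads tree (sample data, not real files)."""
    samples = ["2021/09/resume.pdf", "2021/09/screenshot.png",
               "2021/09/avatar.php.jpg", "forms/helper.phtml"]
    for rel in samples:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in sorted(audit_uploads(tmp).items()):
            print(path, "->", ", ".join(reasons))
```

To check a real site, call audit_uploads() on the wp-content/uploads directory and review each reported file before deleting anything.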

What’s more, files uploaded by users can get crawled and indexed by search engines. As a result, visitors can find them in search results. If files containing the private information of customers or clients leak out, ill-intentioned users can take advantage of them.

This is why it’s necessary to secure your file uploads. Luckily, you have the PDA Gold plugin at hand. The tool integrates seamlessly with Contact Form 7, allowing you to protect unlimited files of any type automatically right after they’re uploaded with just a click.

Once protected, your files are no longer accessible to the public. Plus, the plugin will block all search engines from indexing your files. There is no more concern about leaking important files or information outside your site or organization.

How to Use PDA Gold to Protect WordPress File Uploads

PDA Gold only works properly when its Lite version is installed as well. So make sure you have both PDA Lite and PDA Gold installed and activated on your WordPress site.

The following guide shows you how to install these plugins:

1. Open Plugins → Add New in your WordPress dashboard


2. Type “prevent direct access” in the keyword box

3. Click “Install” and “Activate”

4. Download the PDA Gold plugin from their site as a zip file

5. Go to Plugins → Add New and hit the Upload Plugin button to add the plugin to your site

6. Enter the license key sent to your email and activate the plugin

7. Head to General Settings under the Prevent Direct Access section on your admin navigation menu

8. Enable the feature Auto-protect New File Uploads

By default, your protected files are available to admins only. You can set file access permissions so that other users, such as subscribers or logged-in users, can view them too.

Save changes and you’re done.

Explore other Powerful File Protection Features of PDA Gold

Apart from securing uploaded files automatically, PDA Gold gives you a helping hand in making unlimited files in the WordPress Media Library private. The plugin protects almost all file types, from PNG and JPEG to ZIP, DOCX, PDF, MP3, and MP4.

Even if users have the correct URL of your private files, they’ll be redirected to a 404 not found page when trying to access them. You can replace the original URLs with private download links for paid members or logged-in users to view and download your files.

What’s more, these private download links can expire after a certain time or number of clicks, depending on your settings. This reduces the chance that users share your links with others, which helps boost file security.

Ready to Protect Your WordPress File Uploads?

The file upload option gives you a way to collect screenshots of users’ problems, written files, or any documents from clients, customers, guest writers, and site members.

Creating a form for users to upload files has never been easier thanks to the free and feature-rich Contact Form 7 plugin. You can create and customize your form via shortcodes and add it to any pages on your WordPress site.

Allowing file uploads is not enough. You need to protect them from hackers and unauthorized access. These uploaded files may contain important data of clients, customers, and users that shouldn’t be available to everyone.

PDA Gold relieves that headache by auto-protecting any files uploaded by visitors from the front end with a click. People without permission won’t be able to access them even if they have the file URL. It also blocks search indexing of your private files.

Do you still have any questions about how to secure WordPress file uploads? Share your concerns with us in the comment section below.

Author bio: Tammie Clark is a young and enthusiastic blogger who is passionate about WordPress development and content protection. She enjoys exploring the world through cuisine. 
