When I try uploading a .doc or .docx file I get this message:
Sorry, this file type is not permitted for security reasons
What are the security risks involved in a multisite installation (3.9.1)?
I know how to enable the feature.
Thank you.
1 Answer
.doc files can contain executable scripts, and there is no way to make sure they are safe. The same applies to SVG and some other file types.
If WordPress would accept .doc files from any user with the capability upload_files, these files could be used to send malicious code to visitors.