I had to increase my WordPress max upload size this week, and it was super simple.
Increase WordPress Max Upload Size – Introduction
During my recent PHP update, I forgot to transfer over all my configuration settings.
In addition to php-gd being missing and messing up my captcha, I also had the default upload size of 8MB set.
I wanted to share how to increase this limit for PHP, which is what WordPress uses by default.
YouTube Version of this Post
If you prefer video and audio over just reading the text, then you can find the YouTube version of this post below.
That said, don’t forget to hit those like and subscribe buttons to help support the blog and channel!
Max Filesize Limit
First, while writing my BunnyType post, I received the following error.
After a quick search, I found that the default PHP values were lower than what I would need.
Increasing the Upload Limit
As you can see from my PHP 7.0 file, these were values that I had previously set before my updates.
root@doylernet:~# cat /etc/php/7.0/apache2/php.ini | grep "max_" ; max_input_time max_execution_time = 30 max_input_time = 60 ;max_input_nesting_level = 64 ; max_input_vars = 1000 log_errors_max_len = 1024 post_max_size = 12M upload_max_filesize = 14M max_file_uploads = 20 odbc.max_persistent = -1 odbc.max_links = -1 ;birdstep.max_links = -1 ibase.max_persistent = -1 ibase.max_links = -1 mysqli.max_persistent = -1 mysqli.max_links = -1 ;oci8.max_persistent = -1 pgsql.max_persistent = -1 pgsql.max_links = -1 ldap.max_links = -1 ;opcache.max_accelerated_files=2000 ;opcache.max_wasted_percentage=5 ;opcache.max_file_size=0
First, I increased my post_max_size from 8MB to 13MB. This is the entire body of the POST request, which could have multiple files.
post_max_size = 13M
Next, I increased the upload_max_filesize from 2MB to 12MB. This is the limit for each file, which was what was causing my WordPress errors.
upload_max_filesize = 12M
Finally, I verified that my memory_limit was 15MB, to prevent any upload or timeout issues.
memory_limit = 15M
With all the settings updated, I restarted Apache.
root@doylernet:~# service apache2 restart
When I logged back in to my WordPress instance, the limit was increased and there were no more errors.
Increase WordPress Max Upload Size – Conclusion
This was another post that wasn’t exactly security related, but it was something preventing me from blogging.
I’m still enjoying WordPress and recommend it for websites that you don’t want to deal with configuration nightmares on.
Stay tuned for some more research related posts but let me know if there is anything else that you’d like to see in the meantime!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here.