July 4, 2020 · 12:00 pm
Jump to Comments

WordPress Max Upload Size – Increase Your Limits

I had to increase my WordPress max upload size this week, and it was super simple.

Increase WordPress Max Upload Size - Introduction

During my recent PHP update, I forgot to transfer over all my configuration settings.

In addition to php-gd being missing and messing up my captcha, I also had the default upload size of 8MB set.

I wanted to share how to increase this limit for PHP, which is what WordPress uses by default.

Max Filesize Limit

First, while writing my BunnyType post, I received the following error.

WordPress Max Upload Size - Limit exceeded

After a quick search, I found that the default PHP values were lower than what I would need.

Increasing the Upload Limit

As you can see from my PHP 7.0 file, these were values that I had previously set before my updates.

root@doylernet:~# cat /etc/php/7.0/apache2/php.ini | grep "max_"
; max_input_time
max_execution_time = 30
max_input_time = 60
;max_input_nesting_level = 64
; max_input_vars = 1000
log_errors_max_len = 1024
post_max_size = 12M
upload_max_filesize = 14M
max_file_uploads = 20
odbc.max_persistent = -1
odbc.max_links = -1
;birdstep.max_links = -1
ibase.max_persistent = -1
ibase.max_links = -1
mysqli.max_persistent = -1
mysqli.max_links = -1
;oci8.max_persistent = -1
pgsql.max_persistent = -1
pgsql.max_links = -1
ldap.max_links = -1
;opcache.max_accelerated_files=2000
;opcache.max_wasted_percentage=5
;opcache.max_file_size=0

First, I increased my post_max_size from 8MB to 13MB. This is the entire body of the POST request, which could have multiple files.

post_max_size = 13M

Next, I increased the upload_max_filesize from 2MB to 12MB. This is the limit for each file, which was what was causing my WordPress errors.

upload_max_filesize = 12M

Finally, I verified that my memory_limit was 15MB, to prevent any upload or timeout issues.

memory_limit = 15M

With all the settings updated, I restarted Apache.

root@doylernet:~# service apache2 restart

When I logged back in to my WordPress instance, the limit was increased and there were no more errors.

Upload limit increased

Increase WordPress Max Upload Size - Conclusion

This was another post that wasn't exactly security related, but it was something preventing me from blogging.

I'm still enjoying WordPress and recommend it for websites that you don't want to deal with configuration nightmares on.

Stay tuned for some more research related posts but let me know if there is anything else that you'd like to see in the meantime!

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

As an Amazon Associate I earn from qualifying purchases.

Common passed on this blog, I made it to a jam.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.