The premium WordPress plugin, Gravity Forms has a built in security feature which “self heals” the Gravity Forms uploads folder by renaming files containing certain file name extensions. This “self healing” function is routinely called from a Gravity Forms created cron-job and scans for files that may be malicious but it doesn’t actually analyze the file to verify if it is malicious or not. Rather, it simply renames the discovered file based off the file extension with no notice to you that it has been renamed or has altered any files in the uploads directory.
Below we’ve listed the file name extensions that are monitored for their existence and will be automatically renamed if discovered.
‘php’, ‘asp’, ‘aspx’, ‘cmd’, ‘csh’, ‘bat’, ‘html’, ‘htm’, ‘hta’, ‘jar’, ‘exe’, ‘com’, ‘js’, ‘lnk’, ‘htaccess’, ‘phtml’, ‘ps1’, ‘ps2’, ‘php3’, ‘php4’, ‘php5’, ‘php6’, ‘py’, ‘rb’, ‘tmp’
Preventing Uploaded Gravity Forms Files from Being Renamed
To get around this limitation you would want to use the “gform_disallowed_file_extensions” filter in your theme’s functions.php file or a custom functions plugin. Doing so will instruct the scheduled cron-job to skip excluded file extensions and thus stop the automatic renaming your uploaded files breaking links to said uploads. Simply tailor the snippet below:
NOTE: You’ll also need to add the file extension to the allowed extensions setting on the file upload field if not already there.
We hope this article on preventing Gravity Forms from renaming your uploaded form files on your WordPress web site has added value to you. If so, please take a moment to recommend us on Facebook, share this on your social media or buy us a cup of coffee. Let us know if you found any errors within our article or if we may assist you with any additional questions.