The File Uploads ad-on for Ninja Forms allows you to upload files to WordPress, Google Drive, Dropbox, or Amazon S3. Upload documents, images, media, and more. Easily control file type and size. Add an upload field to any form.
This is EXACTLY the same product as distributed by the developer. Sales Page
The extension is designed to handle the “heavy lifting” of file management so your server doesn’t get overwhelmed.
Storage Flexibility: You can store uploads in your WordPress Media Library or send them directly to external cloud services like Google Drive, Dropbox, or Amazon S3.
Restrictions: You have granular control over file types (e.g., only allowing .pdf or .jpg) and file size limits to prevent huge uploads from eating your storage.
Workflow Integration: You can automatically attach uploaded files to the email notifications sent to administrators or the user.
User Experience: Includes a clean drag-and-drop interface and progress bars so users know their file is actually uploading.
Because file uploads are a common entry point for hackers, security is the most critical part of using this plugin.
Server Protection: By default, Ninja Forms stores files in wp-content/uploads/ninja-forms/. It is highly recommended to use an .htaccess rule or a robots.txt entry to prevent search engines from indexing sensitive user uploads.
Vulnerability History: Like many major plugins, it has faced security patches in the past (e.g., CVE-2024-1596 regarding Cross-Site Scripting). Always ensure you are running the latest version (currently 3.3.x or higher) to protect against known exploits.
Sanitization: The plugin automatically sanitizes file names to remove dangerous characters, but you should still limit “Allowed File Types” to only what is strictly necessary.
