Title: Disabling uploads
Last modified: August 18, 2016

---

# Disabling uploads

 *  [Edd](https://wordpress.org/support/users/edd/)
 * (@edd)
 * [20 years, 5 months ago](https://wordpress.org/support/topic/disabling-uploads/)
 * How can I completely remove the upload field from the post page? I’ve looked 
   at post.php and can’t find the code for the uploader anywhere! I want to remove
   because it’s a multi user blog and I don’t have the space to allow uploads. Plus
   WordPress 2.0 won’t give me any options what so ever as to limit the size of 
   files, allowed files, or those who are allowed to upload.
    thanks!

Viewing 12 replies - 1 through 12 (of 12 total)

 *  [Arlo](https://wordpress.org/support/users/arlo/)
 * (@arlo)
 * [20 years, 5 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308321)
 * Comment out line 220 in “/wp-admin/edit-form-advanced.php” and line 184 in “edit-
   page-form.php”.
 *  Thread Starter [Edd](https://wordpress.org/support/users/edd/)
 * (@edd)
 * [20 years, 5 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308329)
 * Thanks for the reply. I just managed to get the uploads working properly.. so
   how do I set the maximum file size for uploads?
 *  [Arlo](https://wordpress.org/support/users/arlo/)
 * (@arlo)
 * [20 years, 5 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308341)
 * Sounds like you want this: [http://www.ilfilosofo.com/blog/old-style-upload/](http://www.ilfilosofo.com/blog/old-style-upload/)
 *  Thread Starter [Edd](https://wordpress.org/support/users/edd/)
 * (@edd)
 * [20 years, 5 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308346)
 * Ahh that’s great, thanks a lot Arlo!
 *  [serialdeviant](https://wordpress.org/support/users/serialdeviant/)
 * (@serialdeviant)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308902)
 * I have a similar question.
 * Oh, and line 220 on edit-form-advanced is ` <input name="publish" type="submit"
   id="publish" tabindex="5" accesskey="p" value="<?php _e('Publish') ?>" /> ` and
   line 184 in edit-page-form is blank. I’m not sure these are the right lines to
   comment out.
 * Should it be
 * `<?php
    if (current_user_can('upload_files')) { $uploading_iframe_ID = (0 == 
   $post_ID ? $temp_ID : $post_ID); $uploading_iframe_src = wp_nonce_url("inline-
   uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
   $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
   if ( false != $uploading_iframe_src ) echo '<iframe id="uploading" border="0"
   src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.').'
   </iframe>'; } ?>
 * (Lines 236-246 and 198-208 respectively).
 * I’m not a PHP coder, so if someone could take pity on me and actually explain
   if I need to comment out ALL the lines (as in, insert `//` at the start of each
   line) or just the first one, then if I can delete the inline-uploading PHP file
   from the server?
 * My web host has told me that it can be a break in point for hackers and I was
   hacked 4 times in 2 days.
 * Andrea
 *  [serialdeviant](https://wordpress.org/support/users/serialdeviant/)
 * (@serialdeviant)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308903)
 * HELP! My site has been hacked again and I really need an answer to this question
   before I wipe my account and start afresh!
 *  [maerk](https://wordpress.org/support/users/maerk/)
 * (@maerk)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308904)
 * I have a plugin that removes the inline uploader, that might help you.
 * [http://beingmrkenny.co.uk/blog/2006/01/remove-inline-uploader/](http://beingmrkenny.co.uk/blog/2006/01/remove-inline-uploader/)
 * It does depend on how the hackers are getting in.
 * Have you filed a bug report? Security issues are usually a matter of some urgency.
 * [http://codex.wordpress.org/Submitting_Bugs](http://codex.wordpress.org/Submitting_Bugs)
 *  [serialdeviant](https://wordpress.org/support/users/serialdeviant/)
 * (@serialdeviant)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308905)
 * I have checked out your plugin, and plan to use it (way ahead of you there, hehe),
   along with deleting the inline-uploading.php file altogether (after the account
   has been reset, as it were).
 * Most unfortunately, I’m not technical enough to work out if that is the real 
   problem – I’m just trying to cover all the bases.
 *  [maerk](https://wordpress.org/support/users/maerk/)
 * (@maerk)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308906)
 * Did your hosts give you any more information about the attack? See if they know
   where the vulnerability lies, exactly.
 *  [serialdeviant](https://wordpress.org/support/users/serialdeviant/)
 * (@serialdeviant)
 * [20 years ago](https://wordpress.org/support/topic/disabling-uploads/#post-308907)
 * All they said was hacks normally happen to their customers who have PHP scripts
   that allow file uploading. They said they could not find out how it was happening.
 * That was after I escalated it to management – earlier, all they said was ‘Your
   scripts are outdated, you need new ones.’ When I asked exactly which scripts,
   I was greeted with a stunning silence. That’s when I decided to escalate.
 * Is it possible for a hacker to insert malicious code into a database entry, and
   get in from there? I’m trying really hard to work out what is the cause / minimise
   the likelihood of it happening again.
 *  [serialdeviant](https://wordpress.org/support/users/serialdeviant/)
 * (@serialdeviant)
 * [19 years, 12 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308908)
 * I have run the disable inline uploading plugin and not uploaded the inline-uploading.
   php file. The account was wiped and I started from scratch (after restoring the
   database, of course). So it’s not been hacked yet. But we’ll see.
 *  [rathjaus](https://wordpress.org/support/users/rathjaus/)
 * (@rathjaus)
 * [19 years, 7 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308924)
 * You can also use what is written here: [http://blogs.securiteam.com/index.php/archives/658](http://blogs.securiteam.com/index.php/archives/658)
   which will get rid of the option in future versions as well.

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘Disabling uploads’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 12 replies
 * 5 participants
 * Last reply from: [rathjaus](https://wordpress.org/support/users/rathjaus/)
 * Last activity: [19 years, 7 months ago](https://wordpress.org/support/topic/disabling-uploads/#post-308924)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics