SVG logo


My client wants an svg logo, so i cannot have it trough the customizer

Last time i add a logo image by code, the home link was not working.

So what would be the best way to have it ?

Hi Alex,

WordPress doesn't support SVG upload by default, mostly for security concern. If you really want to add support for it, here is a code snippet you may use to do so:

add_filter( 'upload_mimes', 'example_svg_support' );

function example_svg_support( $mimes ) {
    $mimes['svg'] = 'image/svg+xml';

    return $mimes;

Happy coding,

Yes i know that, and i know the snippet.

As i know the security issues, i don't want to add the logo trough the customizer uploads, but by code, but last time i did that, the home link was not working...

Solved πŸ™‚

//add svg logo
beans_remove_output( 'beans_site_title_text' );
beans_add_smart_action( 'beans_site_title_link_prepend_markup', 'wst_display_logo' );
function wst_display_logo() { ?>
<img src="<?php echo CHILD_IMG; ?>logo.svg"
<?php }

Great Alex, glad to here you find the solution. Quick note, you can simply use add_action when doing your modifications unless you want to condition the chain and make it modifiable further. Also remember to escape attributes properly.

Here is the re-visited snippet applying my feedback above:

// Remove site title text.
beans_remove_output( 'beans_site_title_text' );

// Add svg logo.
add_action( 'beans_site_title_link_prepend_markup', 'wst_display_logo' );
function wst_display_logo() {
  ?><img src="<?php echo esc_url( CHILD_IMG . 'logo.svg' ); ?>" alt="logo"><?php

Happy coding,


Thank you, i took habit to use beans_add_smart_action, as it is as easy to write and always usefull if i need to use the markupid

I didn't know that i have to escape attributes when i put images, i thought it was only for custom fields.

Or for things that comes from the database

Do i need to do that for all my images ? or is it only for svg ?

The escaping thing, is something i never fully understood, i am applying it, but not really undrestanding it.

And for exemple when i have a rich text custom field i don't know with what i can escape, as as soon i put an excape i cannot have html inside my text.

Hey Alex,

The rule is quite simple when you are unsure, all PHP (you are unsure about) which is in HTML should be escaped. When it comes to rich text, you can use WP Core functions such as wp_kses_post() which will prevent all maliscious code to be output (same restriction as the WordPress post editor).

The reason why so many people are confused about escaping and sanitizing is simply because there isn't one answer for everything. That said, it is an important aspect of building secure websites and I think it would be a fantastic subject for Tonya to cover at knowthecode (hopefully one day she will leave Genesis behind lol).

Please let me know if she is going (or perhaps already did) a tuturial about that which I will definitely share πŸ˜‰


Thank you! Tonya answered me briefly about that, but yes i would like to have a complete course about it....

Write a reply

Login or register to write a reply, it's free!