Should You Use .svg Images in WordPress Posts?

Graphics make blog posts and web pages better. A picture is worth a thousand words—but including pictures on the web is harder than it should be. There is a whole alphabet soup of formats, graphic features such as transparency, different resolutions and the dreaded browser compatibility. Wouldn’t it be nice if creating and publishing graphics was as straightforward as publishing text?

New and Improved: .svg or Scalable Vector Graphics


.svg images in WordPress are here! This is the official .svg logo (in .svg format) served up from this blog’s media library using the Safe SVG plugin.

I’ve been tracking .svg for some time. .svg format stands for “scalable vector graphic,” which is described in a W3C specification. The format provides a modularized language for describing two-dimensional vector and mixed vector/raster images.

As of February 2017, .svg delivers numerous advantages for designers and developers alike. .svg images are supported by most browsers. The files are tiny compared to their .png and .jpeg brethren. And there are multiple tools, including my favorite graphic design tool, Sketch 3, that save files to the .svg format.

The advantages of .svg come from an industry standard format that comprises (1) vector graphic shapes (e.g., paths consisting of straight lines and curves), (2) raster images and (3) text that display beautifully in all modern browsers. In other words, the .svg image file contains instructions for rendering images at any resolution rather than compressed rasters. And for the designer and webmaster, this means you have a single tiny file to manage rather than exporting 1x, 2x and 4x versions from a graphic tool which need to be managed in a CDN or media library and delivered to desktop, mobile and retina displays based on the viewport setting…very, very complex.

With the advantages of broad compatibility, tiny files and simplicity, it’s time to make a switch. Or is it?

.svg Images in WordPress…Not For the Masses…Not Yet

As of February 2017, WordPress doesn’t officially support .svg images. Sure, it’s easy to enable .svg in your WordPress instance through a function or a plugin. But if it’s easy to support the .svg image format, why isn’t support included in WordPress core? The answer: security.

It turns out that the .svg format is more of a document format than an image format. That means you can embed all sorts of things in a .svg file. This includes JavaScript. So that seemingly benign graphic could easily contain a not-so-benign script that hijacks visitors, data and web experiences. Not so good. And with 25% of the web running on WordPress, the core development team prioritizes security and reliability over simplicity. The four years of engineering debate is visible to all in WordPress Trac ticket 24251.

.svg Images in Controlled WordPress Sites: Bring On .svg!

In sites managed only by skilled web designers and publishers with a strict file chain-of-custody procedure, the advantages of .svg can be realized today. For security, I strongly recommend that you think twice about deploying .svg support by hacking the functions.php file and/or using the less secure plugins that you can easily find in the WordPress Plugin Directory.

Instead, focus first on training and procedures to mitigate potential risks from .svg. Just as you wouldn’t let anybody upload JavaScript to your site, you shouldn’t let just anyone upload .svg files to your site. The first and safest approach is to let savvy designers include .svg files in theme assets:

  1. Produce your own .svg files or review code in files provided by others
  2. Run the .svg file through a sanitizer, like DOMPurify
  3. Save the resulting code locally
  4. Add the .svg file to your CDN or production file system
  5. Directly reference the sanitized file with CSS or HTML code <img src="/blah/file.svg" />
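
A review aid for steps 1 and 2 above, added here as an example (it is not code from the original post, from DOMPurify or from Safe SVG): it parses an .svg file and lists anything that is not plain static drawing markup. The element allowlist and the two sample files are assumptions constructed for illustration, and the script flags files for review rather than replacing the sanitizer.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlist of static drawing elements; extend it to match your artwork.
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "linearGradient",
    "radialGradient", "stop", "clipPath", "mask", "use", "symbol",
}

def local_name(qname):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    if qname.startswith("{"):
        ns, _, name = qname[1:].partition("}")
        return ns, name
    return "", qname

def audit_svg(data):
    """Return a list of findings; an empty list means nothing was flagged."""
    # Files carrying a DTD are sent to a human instead of being parsed:
    # entity declarations are not needed for artwork served on the web.
    upper = data.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return ["DOCTYPE or ENTITY declaration present; refusing to parse"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        ns, name = local_name(el.tag)
        if ns != SVG_NS or name not in ALLOWED_ELEMENTS:
            findings.append(f"<{name}>: element not on the allowlist")
        for key, value in el.attrib.items():
            _, attr = local_name(key)
            if attr.lower().startswith("on"):
                findings.append(f"<{name}>: event-handler attribute {attr}")
            elif attr == "href" and not value.strip().startswith("#"):
                findings.append(f"<{name}>: href points outside the file")
    return findings

# Constructed sample files, not taken from any real site.
CLEAN = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
         '<title>logo</title><circle cx="5" cy="5" r="4" fill="#f90"/></svg>')
SUSPECT = ('<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
           '<script>init=function(){}</script>'
           '<a href="https://example.invalid/x"><rect width="9" height="9"/></a></svg>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, audit_svg(doc) or "nothing flagged")
```

A file that comes back with findings goes back to its designer or through the sanitizer before it is added to the CDN or theme assets.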

How About Media Libraries?

Enabling .svg in the media library opens up more risk. If you are ready to limit access to the media library using WordPress user roles, the risks should be manageable. There is one .svg plugin I can recommend today: Safe SVG by Daryll Doyle. It not only enables the .svg mime type for the media library, but it sanitizes .svg files on upload. The plugin is young but works. And developer Daryll Doyle is actively developing Safe SVG. He deserves our support!

.svg has a bright future for web publishers who value great user experiences with content and compatible graphics files that are simple to manage. Let’s embrace a secure future for SVG and WordPress.

This Novice Built a Responsive WordPress Theme in a Day—And So Can You


A post from Bill Freedman’s Soon to be a Major Trend viewed from an iPhone using the new WordPress Responsive Theme

How cool is it that a marketing leader and data nerd with modest web development skills can, all by his lonesome, bring a WordPress blog/website into the modern era in under a day? That’s just what I did.

I’m pretty darn happy with the new look of Bill Freedman’s Soon to be a Major Trend. I started this site in 2006 when table layouts were the bomb. My last major change was in 2008 when I started using the MistyLook theme by Satish. Browse through the pages and posts. Read the articles and view the images. Leave comments. Did you have a good experience with my spiffy new theme and the pre-existing content? Did you find something I should fix? Please leave comments below.

I’m amazed at how little effort was needed for browser and platform accommodations in this era of fragmented computing platforms. This site with its Responsive WordPress Theme looks good to me on an Android phone, a Windows PC, an iPad as well as a MacBook Pro running Chrome that was used for “development.”

Responsive WordPress Theme Development Shout-outs

While the make-over only consumed about a day of my labor, my success clearly benefited from the innovation, creativity and contributions from many others. As Isaac Newton said, “If I have seen further it is only by standing on the shoulders of giants.” I’d like to give heart-felt shout-outs to a number of sturdy-shouldered giants who saved me time, effort and frustration:

  • WordPress—It was a great piece of software when I got started blogging in 2006, and I’ve been a user and trusting fanboy ever since. WordPress has become an incredible content management system (CMS) backed by an industry and ecosystem devoted to helping the world create flexible web sites. The platform has evolved to support HTML5, CSS3, responsive design, security, scalability and a whole lot more. All this without making me edit my previously created content.
  • Automattic—The commercial sponsor of WordPress contributed to my site in countless ways, from sponsoring development of core WordPress features to essential plug-ins like Akismet to driving standards in theme development.
  • Ian Stewart—The original Theme Shaper and now an Automattic employee. I found Ian’s Thematic framework in 2008 and have been learning from him ever since. While I’m not a PHP coder or theme developer, his well-commented themes and blog posts taught me that themes matter. While I didn’t dabble with the latest in themes on this site, my clients’ sites benefited from his contributions, teachings about functions and child themes, and now from Underscores (_s), which is the starter theme for this site.
  • Anonymous Media Query Author—Somewhere at some time I found a set of WordPress- and _s-ready media queries. I don’t remember who wrote this code. I hope I’m not violating your license. I just added the media queries to my style.css file and—poof—my site was responsive.
  • Yoast—Joost de Valk and the Yoast team have created numerous reliable plug-ins and training that help my content get found. It’s not enough to have a pretty and responsive WordPress theme. Your site and content need to be found, read and responded to. WordPress SEO by Yoast helps the SEO and writing process for authors and does the behind-the-scenes work to make your content irresistible to Google and Bing.
  • Font Awesome—I’m a fan of this set of well-designed icons and happy to include them as a core part of my new look and feel. The style sheet and plug-in (by Rachel Baker) made integration of the icons-as-font easy. I also like that the associated .pdf enables me to use the icons as scalable images in derivative works.

I could go on. But rather than blindly take my recommendations, just get started with updating your own theme. One piece of advice: don’t do theme design on your production blog. Do it on a local WordPress instance, which isn’t that hard to set up and manage. All you really need are some free tools, intermediate knowledge of CSS3 and comfort configuring advanced things on your desktop. I have a Mac, so I’ll help you out with tools for Mac:

  • A MAMP stack (Mac OS, Apache, MySQL and PHP) to run WordPress. One preconfigured download is MAMP.
  • A MySQL admin tool to export/import your content between production and development. I use Sequel Pro.
  • A text editor. I like Sublime Text, which isn’t free. TextWrangler is a good choice that’s free.
  • An FTP browser. My choice is Cyberduck.
  • WordPress
  • A starter theme. I used Underscores.

Perhaps you’ll go the Underscores route as I did or perhaps you’ll purchase a ready-to-use responsive WordPress theme. It doesn’t matter. Get your site onto the WordPress platform and take advantage of the wealth of resources that can take your site from good to great.