Skip to main content

WordPress Chat File Sharing: Images, Videos, Documents

· 6 min read
Andrij Tkachenko
Creator of Better Messages

A messaging plugin that cannot share files is barely a messaging plugin in 2026 — members expect to drag an image into a chat the way they would in WhatsApp, send a 50MB video without worrying about the connection dropping, and trust that the file is not accessible by random visitors guessing URLs. Better Messages handles all of that: drag-and-drop attachments, resumable TUS uploads for large files, browser-side image and video optimization (WebAssembly), automatic EXIF / GPS stripping, and proxy-based file access protection.

What you can share

Every common file type, with optional whitelisting:

  • Images — JPEG, PNG, BMP, TIFF, WebP, AVIF, HEIC/HEIF (iPhone photos), SVG, ICO. Optionally converted in-browser to AVIF / WebP / JPEG before upload.
  • Videos — MP4 (passthrough), MOV / AVI / WMV / MKV (auto-converted to MP4 in browser via FFmpeg WASM).
  • Documents — PDF, DOCX, XLSX, PPTX, TXT, CSV, ZIP, anything you whitelist.
  • Audio — MP3, WAV, OGG, M4A, plus voice notes when the Voice Messages add-on is installed.

Drag-and-drop, paste-from-clipboard, click-the-paperclip — all three work. Mobile devices also expose a webcam-photo capture button so members can snap and send without leaving the chat.

Resumable uploads for large files (TUS)

The hard part of "share a 200MB video in a chat" is connection drops mid-upload. Better Messages supports the TUS resumable upload protocol: large files are uploaded in chunks, and an interrupted upload resumes from where it stopped instead of restarting at 0%.

Two upload methods are available:

MethodWhen to use
Standard POSTDefault. Limited by PHP upload_max_filesize / post_max_size. Fine for files under ~50 MB on most hosts.
TUS (resumable)Recommended for media-heavy sites. Bypasses PHP upload size limits. Some hosts with aggressive WAF rules block TUS — test first.

Client-side optimization (no extra server load)

The biggest file-sharing performance trap is your server doing the optimization. Better Messages flips it: optimization happens in the user's browser via WebAssembly before the file leaves their device.

  • Images are converted to AVIF → WebP → JPEG (best format the browser supports), with optional max-resolution downscaling.
  • Videos (MOV / AVI / WMV / MKV) are converted to MP4. The fast path is a remux (container change without re-encoding) which completes almost instantly for H.264-encoded MOV files — typical iPhone recordings. Fall back to a full transcode for older codecs.
  • HEIC iPhone photos are always converted to JPEG (browsers cannot display HEIC natively) via the libheif WASM decoder.

The server receives an already-optimized file. No CPU spike on your origin.

Privacy: EXIF / GPS / metadata stripping

When metadata stripping is enabled (default), uploaded images and videos have their EXIF data, GPS coordinates, and camera information removed before they reach the server. Members never accidentally share their home address by sending a photo.

  • Images — metadata stripped during browser-side conversion. Server-side fallback uses WordPress's image editor (Imagick / GD).
  • Videos — metadata stripped by FFmpeg's -map_metadata flag during browser conversion.

File access protection (the proxy)

By default, uploaded files live in your WordPress uploads directory with predictable URLs. Better Messages' File Proxy routes every attachment URL through your WordPress server, which checks the requester's permission against the thread participants before serving the file. Direct URLs are blocked.

Four proxy methods:

MethodPerformanceWhen to use
PHPSlowestUniversal fallback, works everywhere
X-SendfileFastApache with mod_xsendfile
X-Accel-RedirectFastNginx (requires an internal location block)
LiteSpeedFastLiteSpeed Web Server

For high-traffic sites, use X-Sendfile / X-Accel-Redirect / LiteSpeed instead of PHP — PHP serves files using readfile(), which is CPU- and memory-heavy at scale.

Attachments browser

Every conversation has an Attachments tab in the details panel showing every file shared in that thread — for finding "that PDF from last month" without scrolling the chat. Files are grouped by type (images, videos, documents, audio).

Auto-delete old attachments

For sites with disk-space concerns or compliance retention rules, attachments can be auto-deleted after N days. Set in Settings → Attachments → Attachment Retention. Default: keep forever.

Installing file sharing

File sharing is part of the core plugin — no separate install. To configure:

  1. WP Admin → Better Messages → Settings → Attachments
  2. Enable file sharing if it is off
  3. Pick the upload method (Standard POST for small files, TUS for large)
  4. Set max file size and per-message file count
  5. Whitelist allowed file extensions
  6. Turn on image / video optimization and EXIF stripping (recommended)
  7. Optionally enable the file proxy with your hosting's optimal method

Free vs WebSocket version

File sharing works on both versions. Differences:

FeatureFree versionWebSocket version
Drag-and-drop attachmentsyesyes
TUS resumable uploadsyesyes
Client-side image / video optimizationyesyes
EXIF / GPS / metadata strippingyesyes
File access proxy (PHP / X-Sendfile / X-Accel / LiteSpeed)yesyes
Real-time delivery of attachment messagespollinginstant
Web push notifications for new attachmentsyes
End-to-end encrypted attachments (E2E threads)yes

Frequently asked questions

Will uploaded files appear in the WordPress Media Library?

By default no — attachments are hidden from the WP Media Library to avoid cluttering it with chat files. You can flip this off in the settings if you want attachments visible there.

What is the maximum file size?

Configurable. With Standard POST, you are bounded by your hosting's PHP limits (typically 32MB–128MB). With TUS, the limit is whatever you configure in the plugin — most sites run TUS at 500MB–2GB per file.

Does it work on shared hosting?

Yes. Standard POST works everywhere; TUS works on most modern hosts. Some aggressive shared-hosting WAFs block TUS — fall back to Standard POST if you see TUS uploads failing.

Can different roles have different file size limits?

The basic settings are global, but a custom filter can apply per-role caps. Many sites use this to give paid members larger upload limits than free members.

Are attachments encrypted when E2E is enabled on a thread?

Yes — see End-to-end encrypted messaging on WordPress. Files in an E2E thread are encrypted in the sender's browser before upload and decrypted in the recipient's browser before download.

See also

Install Better Messages from WordPress.org →