The invention discloses a security mechanism for defending a file upload vulnerability and an implementation method thereof. The security mechanism relates to a client and a Web application server, wherein on the client, the design of a PHP safety plug-in is carried out for a browser, so that a tagged file can be effectively parsed and executed by the browser; and on the Web application server, inaddition to the Web application service platform, a publishing platform, a PHP processing program and local file storage and other parts of the PHP safety plug-in are added to prevent the file uploadvulnerability from running from the source. According to the security mechanism for defending file upload vulnerability provided by the invention, a file header labeling technology is used, the fileupload vulnerability problem is solved, the security threat caused by the file upload vulnerability is eliminated, and the security of the Web application service system is improved to a certain extent.