Choose another country or region to see content specific to your location and shop online.
USA

How to Fix Sorry, This File Type Is Not Permitted for Security Reasons Error in WordPress

Picture of William Bacchus
William Bacchus

Published: April 2, 2024

Last updated: April 2, 2024

Table of Contents

“Sorry, this file type is not permitted for security reasons”

Encountering the “Sorry, this file type is not permitted for security reasons” error while attempting to upload a file to your media library can be frustrating. However, there are effective solutions available to resolve this issue and restore functionality to your WordPress site. This article will delve into the reasons behind this error’s occurrence in WordPress and provide easy solutions to overcome it, allowing you to upload files without any issue. Let’s dive in and address this challenge together!

What causes the Sorry, This File Type Is Not Permitted for Security Reasons Error in WordPress?

WordPress restricts the types of files you can upload to your site by default, primarily for security purposes. This means you can only upload “basic” and “standard” files to your media library. When attempting to upload a file type not supported in WordPress, you encounter the “Sorry, This File Type Is Not Permitted for Security Reasons” error message.

For security reasons, WordPress confines file uploads via the site’s admin to specific types such as images, videos, documents, and audio. By default, the permissible file types for upload include:

For images:

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

For videos:

  • .mp4
  • .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

For documents:

  • pdf
  • .doc
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd

For audio:

  • .mp3
  • .m4a
  • .ogg
  • .wav

If you attempt to upload a file type not included in the above list, you’re likely to encounter the “Sorry, this file type is not permitted for security reasons” error message. Or, you may see the message “[filename] has failed to upload.”

For instance, if you’re trying to incorporate custom fonts into your WordPress site, you might be uploading custom font files in the .ttf and/or .woff formats. However, since these formats aren’t permitted by default, WordPress will display the “Sorry, this file type is not permitted for security reasons” error instead of allowing the upload. Here’s an example showcasing an attempt to upload a .woff file to our test site:

Now, let’s get take a look at how you can fix this error, and freely upload varying media types to your WordPress website.

How to fix the Sorry, this file type is not permitted for security reasons error on your WordPress website

There are two methods you could use when fixing the Sorry, this file type is not permitted for security reasons error. The first of these involves editing your website’s wp-config.php file. The second can be achieved from the use of a free WordPress plugin.

But before we get into this, here’s a few things you should always double check:

Check your file type extension:

Before making any adjustments to your WordPress settings or files, it’s essential to examine the file extension of the item you’re attempting to upload. There’s a possibility that you may have inadvertently altered the extension while saving the file. Therefore, the issue you’re encountering isn’t related to your wp-config.php or functions.php file but rather stems from attempting to upload an image in a video format. Your file name may then look something like “imagename.avi”.

This is an easy fix, as it does not involve any troubleshooting on your website. The next thing to check is slightly more complex, but still easy to accomplish.

Check your multisite network settings:

If you’re operating a multisite installation, which involves a network of sites sharing the same WordPress core files, expanding the list of permitted file types is straightforward.

To incorporate a new file type, navigate to Settings > Network Settings in your dashboard. Scroll down to Upload Settings. In the designated input field beside Upload file types, insert the extension for the desired file type you wish to enable. Finally, make sure to save any changes made.

Remember, that if you have a single-site WordPress download, you won’t be able to find this option. You’ll have to use one of the methods below.

1. Edit your wp-config.php file to upload any file type

Enabling the upload of any file type to your site involves adding a single line of code to your wp-config.php file. While the process is straightforward, it’s advisable to create a backup of your wp-config.php file before proceeding. Even minor errors in this file can render your site inaccessible.

After creating a copy of your wp-config.php file, follow the steps below to allow the upload of any file type:

  1. Through your hosting control panel, access your file manager.
  2. Open the public_html folder.
  3. Right click the wp-config.php file, then select edit.
  4. Head to the bottom of the file.
  5. After the line of code which reads /*That’s all, stop editing! Happy blogging. */, paste the following:
define('ALLOW_UNFILTERED_UPLOADS', true);
  1. Save your changes.
  2. Re-login to WordPress, and try to upload your file again. It should now be working.

This is pretty easy to do, and provides a great solution. However, if you have many people on your site uploading files, you might want to specify which type of files can be uploaded and which can’t. This will be especially helpful if you are trying to keep your website more secure. If that’s the case, see the step below:

Edit your theme’s function.php file to specify the permitted file types

By using the Upload_Mimes Filter, you can pick and choose the files types you want to allow on your website.

  1. From your hosting control panel, access the File Manager.
  2. Open the wp-content folder.
  3. Then, press on the themes folder.
  4. Find and right-click on the functions.php file, and then select edit.
  5. Head to the bottom of the code, and paste in the following:
function my_custom_mime_types( $mimes ) {
 
// New allowed mime types.
$mimes['svg'] = 'image/svg+xml';
$mimes['svgz'] = 'image/svg+xml';
$mimes['doc'] = 'application/msword';
 
// Optional. Remove a mime type.
unset( $mimes['exe'] );
 
return $mimes;
}
add_filter( 'upload_mimes', 'my_custom_mime_types' );

Please be aware that the provided code enables the upload of SVG and SVGZ files. Depending on your requirements, you can modify or include additional MIME types within this code snippet. While experienced users may comfortably incorporate code into their functions.php or wp-config.php files, beginners might find it challenging. In such instances, utilizing a WordPress plugin is an alternative solution.

Use a free plugin to allow files types to be uploaded to your WordPress website

If you’re hesitant to directly edit your wp-config.php or functions.php files, there’s an alternative option of using a plugin to manage permitted file types on your website. Two recommended plugins for this purpose are WP Add Mime Types and File Upload Types by WPForms. Both plugins are freely available in the official WordPress directory and enjoy high ratings. However, the File Upload Types plugin is particularly user-friendly for beginners. Here’s how to use it:

  1. Head to plugins and press add new.
  2. Search for File Upload Types.
  3. Install the plugin that looks like this:
  1. Activate the plugin.
  2. Hover settings, and then press File Upload Types.
  3. Select the boxes next to the file types you want to allow for your website.
  1. If you can’t find your file, then add a custom file type at the bottom.
  2. Remember to save your settings.
  3. Now, try to upload your file type again.

Keeping your files and website secure

Although there are methods to avoid the “sorry, this file type is not permitted for security reasons” error, it’s crucial not to disregard the security concerns that come with WordPress websites. WordPress limits the types of files you can upload precisely because permitting any file type would increase the vulnerability of your site to malicious bots and hackers seeking to introduce malware.

Therefore, we strongly advise specifying the file types you wish to allow, rather than leaving your website susceptible to any file format. Additionally, consider restricting users with lower roles from uploading files to your site. Furthermore, exercise caution by exclusively uploading plugin and theme files sourced from reputable sources, as these files frequently serve as entry points for compromising WordPress sites. Conduct regular malware scans to detect any harmful code that may have infiltrated via uploads.

For further strategies to safeguard your site against hacking attempts, please refer to our blog posts on WordPress security.

Final thoughts

Encountering a “sorry, this file type is not permitted for security reasons” error can be annoying for both site administrators and users alike. However, the positive aspect is that following these steps can either rectify the error or grant you the ability to manage the file types you can upload— all while maintaining the security integrity of your WordPress site.

Sign up for free news, tips & offers

Your email is safe with us, we don't spam.

Picture of William Bacchus
William Bacchus
Will joined the Elite team in 2021. He has a background in content writing as well as a keen interest in media journalism. His interests include taijutsu and a immense passion for film and television. He aims to inform as many people as he possibly can about the vast and often confusing nature of web design!

Leave a Reply

Your email address will not be published. Required fields are marked *

Reseller login

If you’re a reseller, use the button below to sign in. (your reseller account is separate to your regular account)

New customer

New to ELITEWEB.Co? Create an account to get started today.

Registered users

Have an account? Sign in now.

Sign up to our newsletter for the latest news + a Free WordPress Guide

NEWSLETTER