How to Fix the "Sorry, This File Type Is Not Permitted for Security Reasons" Error in WordPress (2024 Guide)

It‘s a scenario many WordPress users have faced – you attempt to upload a file to your website only to be met with a confusing error message: "Sorry, this file type is not permitted for security reasons."

Despite how alarming it may sound at first, this common WordPress error doesn‘t necessarily mean your site has been compromised or infected with malware. In most cases, it simply indicates you tried uploading a file format that WordPress doesn‘t allow by default.

In this comprehensive guide, we‘ll explain exactly what causes this error and provide you with multiple solutions to resolve it on your WordPress site. We‘ll also discuss important security considerations to keep in mind when allowing additional file types. Let‘s dive in!

Why Does the "File Type Not Permitted" Error Occur?

To protect your website from potential security threats, WordPress restricts the types of files that can be uploaded out-of-the-box. This whitelist of permitted file types, technically known as MIME types, includes:

Images

– .jpg
– .jpeg
– .png
– .gif
– .ico

Documents

– .pdf
– .doc, .docx
– .ppt, .pptx, .pps, .ppsx
– .xls, .xlsx
– .psd

Audio

– .mp3
– .m4a
– .ogg
– .wav

Video

– .mp4, .m4v
– .mov
– .wmv
– .avi
– .mpg
– .ogv
– .3gp
– .3g2

Whenever you attempt to upload a file with an extension that‘s not on this list of allowed MIME types, WordPress will block the upload and display the "Sorry, this file type is not permitted for security reasons" message. This default setting helps prevent malicious files from being uploaded that could potentially wreak havoc on your site.

While the error most commonly occurs when uploading an unsupported file type, it can also appear even when uploading permitted formats in certain scenarios. We‘ll explore some of those cases and their solutions below.

How to Fix the File Type Not Permitted Error (6 Methods)

There are multiple ways to resolve or bypass the "Sorry, this file type is not permitted for security reasons" error in WordPress. Depending on your specific use case and technical expertise, certain solutions may be preferable to others.

Let‘s walk through six different methods you can use to allow uploading additional file types in WordPress:

Method 1: Double Check the File Extension

Before attempting more technical workarounds, first verify that the file you‘re uploading has the correct extension. In some cases, the file type may be permitted but the extension was changed inadvertently, causing the error.

For example, trying to upload a JPG image file that was incorrectly saved with a .png extension would trigger the error. Always double check that the file extension matches the actual file type before proceeding with other solutions.

Method 2: Update Your WordPress Multisite Network Settings

For those running a WordPress multisite network, you can easily add support for additional file types through the Network Admin dashboard.

In your Network Admin area, navigate to Settings > Network Settings. Scroll down to the Upload Settings section and you‘ll see an input field labeled "Upload file types." Here you can specify any additional file extensions you want to allow, separated by spaces. Be sure to include the leading dot before each extension.

After adding your desired extra file types, click "Save Changes" at the bottom of the page. The new permitted extensions will now be allowed for upload on all sites across your network.

Note that this option is only available for WordPress multisite installations. If you‘re running a regular single site, you‘ll need to use one of the other methods.

Method 3: Edit wp-config.php to Allow All File Types

If you want to allow any and all file types to be uploaded to your WordPress site, you can add a line of code to your wp-config.php file. This method will effectively bypass the file type restrictions entirely.

To do this, access your WordPress site‘s files through FTP/SFTP or your hosting control panel‘s file manager. Always make a complete backup of your site files first!

Open the wp-config.php file for editing. Towards the bottom of the file, look for the comments line / That‘s all, stop editing! Happy publishing. /. Add the following code block right above that line:

define(‘ALLOW_UNFILTERED_UPLOADS‘, true);

Save the modified file and upload it to your server, overwriting the original. After this change, WordPress will allow you to upload any file type without restrictions.

However, use this with extreme caution! Removing all file type restrictions opens up major security risks, as it becomes possible for malicious files to be uploaded. We strongly recommend using this only in rare circumstances and on development environments, not on live production sites.

Method 4: Modify functions.php to Allow Specific File Types

For a more targeted approach, you can specify certain additional file types to allow by adding code to your active theme‘s functions.php file. This gives you more fine-grained control compared to the "allow all" method.

To do this, open your theme‘s functions.php file and paste in the following code block towards the bottom before the closing ?> tag:

function custom_upload_mimes( $existing_mimes ) {
// Add desired extensions and their MIME types here
$existing_mimes[‘svg‘] = ‘image/svg+xml‘;
$existing_mimes[‘zip‘] = ‘application/zip‘;

return $existing_mimes;
}
add_filter( ‘upload_mimes‘, ‘custom_upload_mimes‘ );

In the example above, we‘re adding support for .svg and .zip file uploads. Modify or expand the $existing_mimes array to include any other file extensions and MIME types you want to allow.

Once you‘ve added your custom code, save functions.php and re-upload it to the server if editing remotely. Your site will now permit uploading any additional file types specified here.

Method 5: Install a Plugin to Allow Additional File Types

For those not comfortable editing WordPress files directly, using a plugin is an easy way to allow extra file types. There are several free plugins available that add an interface in the WordPress admin area to toggle allowed extensions.

Some popular options include:

• WP Extra File Types
• File Upload Types
• WP Add Mime Types

The setup process is similar for most plugins of this type:

1. Install and activate the plugin through your WordPress admin dashboard
2. Navigate to the plugin‘s settings page, usually located under the Settings menu
3. Select any additional file extensions you want to allow from the list of available options
4. Save your changes

After configuring your chosen plugin‘s settings, uploads of your newly allowed file types should work without the error message appearing.

Method 6: Contact Your WordPress Host for Assistance

If you‘ve tried multiple methods for allowing your desired file type but still encounter the error, it‘s worth reaching out to your WordPress hosting provider‘s support.

It‘s possible that your hosting environment has security rules in place that restrict certain file uploads even beyond WordPress‘s default settings. In that case, you may need your host‘s assistance to modify server configurations before you can successfully upload the file type in question.

WordPress File Upload Security Best Practices

While it‘s relatively straightforward to allow additional file types in WordPress, it‘s important to understand the security implications. Expanding the list of permitted file extensions inherently introduces more risk to your site.

Hackers can disguise malware or other malicious code inside innocent-looking file types like images or PDFs. If a harmful file is successfully uploaded to your WordPress hosting environment, it could be used to compromise your site or even infect your visitors.

To minimize the risks associated with allowing unrestricted file uploads, keep these WordPress security best practices in mind:

• Only permit file types you absolutely need for essential functionality. Avoid the "allow all" approach unless strictly necessary.
• If possible, only give upload permissions to trusted user roles like administrators. Don‘t allow untrusted users or user-submitted content to include file uploads.
• Implement file upload scanning to detect and block potential threats. Several WordPress security plugins offer this functionality.
• Always keep your WordPress core, themes, and plugins updated to ensure you have the latest security patches and fixes.
• Back up your WordPress site regularly so you can quickly recover in the event of a security incident.

By combining smart file upload permissions with other WordPress hardening best practices, you can allow uploading diverse content to your site while mitigating common security risks.

Uploading with Confidence in WordPress

The "Sorry, this file type is not permitted for security reasons" error in WordPress can be perplexing, especially when encountered unexpectedly. But once you understand what causes it, you can implement the right solution for your particular needs.

Whether it‘s adjusting settings in your multisite network, strategically editing your site‘s files, or installing a purpose-built plugin, you have multiple options for allowing additional file types on your WordPress website.

That said, it‘s wise to restrict file uploads as much as your requirements allow to maintain strong WordPress security. Carefully consider the tradeoffs before expanding upload permissions, and always adhere to security best practices to keep your site safe.

By following the guidance in this article, you‘ll be able to confidently fix the file type error in WordPress while preserving the integrity of your website. Here‘s to smooth uploading ahead!