So, y'all simply tried to upload a file to your WordPress website and, instead of successfully uploading, you received an error bulletin that said, "Sorry, this file type is not permitted for security reasons."

Your first instinct might be to panic. Did y'all just almost upload a corrupted file to your site? Was it malware? Is your site compromised now?

Don't worry — while this message might seem ominous, information technology just ways that WordPress does not support the file blazon you tried to upload. In this mail, nosotros'll examine what causes this error message and look at a few free and easy ways to resolve it.

Grow Your Business With HubSpot's Tools for WordPress Websites

For instance, let's say I try to upload an AVIF file to WordPress. AVIF is an image format that stores compressed images. Although this format promises to be a game-changer in image compression, information technology'south nevertheless relatively new and therefore not a popular file format.

WordPress does non support this file type. If I effort to upload an AVIF file, I'll receive the "sorry, this file type is not permitted for security reasons" mistake. Here's how that error looks in the Gutenberg editor:

If you lot simply upload file types that WordPress supports, y'all probably won't ever see this error message. Next, let'due south review what those file types are.

WordPress Allowed File Types

WordPress supports a wide range of file types including the nigh common images, video, certificate, and audio formats. These file types are also known every bit Multipurpose Internet Mail Extensions, or MIME types. MIME types assistance browsers effigy out what type of content has been uploaded to a web page.

If you upload a .jpeg file and .png file, for example, the browser uses their MIME types to decide that these are both image files. Similarly, if y'all upload a .mp3 or a .wav file, the MIME type signals to the browser that these are audio files.

WordPress supports uploading the post-obit file types:

Images

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

Document

  • .pdf
  • .doctor, .docx
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd

Audio

  • .mp3
  • .m4a
  • .ogg
  • .wav

Video

  • .mp4, .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

Annotation that you can upload HTML files to WordPress in addition to the files listed above. As well, nosotros don't recommend uploading videos directly to your WordPress media library, since they utilise upwardly significant storage and can tiresome down your website. Instead, opt for a video hosting service to store your videos.

These file types are all quite common. However, you may want to upload a file type that'southward not on this listing. Or, you lot may be trying to upload one of these permitted file types and nevertheless get the "lamentable, this file blazon is not permitted for security reasons" error message.

In either case, there are steps you can take to avert this error message.

1. Check your file type extension.

Before you start changing your WordPress settings or files, check the extension of the file yous're trying to upload. Perchance yous accidentally inverse the extension when saving the file. So, the reason yous're seeing the fault message is not a problem with your wp-config.php or functions.php file — it'due south that y'all're trying to upload an image in a video format.

In the example below, I tried to upload a .jpg file as an .avi file and got the error message as a outcome.

Incorrect file name extension causing the "

This is an easy first step: If the file name extension is incorrect, so you tin ready it and upload the file in the correct format. If information technology is correct, move on to the next footstep.

two. Change your multisite network settings.

If you are running a multisite installation — a network of sites that all share the aforementioned WordPress installation core files — then you lot can easily add more allowed file types.

To add a file type, click Settings > Network Settings in your dashboard, and then whorl down to Upload Settings. In the input field next to Upload file types, add together the extension for the file type you want to upload. And so, save your changes.

Adding allowed file types in upload settings of WordPress multisite installation

Users on whatever site in your network will now exist permitted to upload all the file types listed hither.

If yous are running a single-site WordPress installation, y'all won't have this option in your settings. You'll demand to attempt 1 of the steps below.

3. Edit your wp-config.php file to upload whatsoever file type.

If you want to permit whatsoever and all file types to be uploaded to your site, you just need to add 1 line of code to your wp-config.php file.

Information technology's relatively simple to do this, but equally a best do, you should e'er make a backup of your wp-config.php file before editing. Even a small fault in the file can brand your site inaccessible.

Once yous've made a copy of your wp-config.php file, follow the steps below to permit any file type upload.

  • Admission File Manager via your hosting command panel.
  • Open up your public_html folder.
  • Locate and right-click the wp-config.php file, and then choose Edit.
  • Scroll to the bottom of the file.
  • At the end of the file, yous'll see the line: /* That's all, stop editing! Happy blogging. */. Above this line, paste the post-obit lawmaking:
                                          

define('ALLOW_UNFILTERED_UPLOADS', true);

  • Salvage your changes to the file.
  • Log out of WordPress, then sign back in. Yous should at present exist allowed to upload whatever file type.
  • Save your changes. You should now exist allowed to upload the new file types.

This is a relatively easy solution, but not ideal for every website. If multiple users are uploading files on your WordPress site, for case, you may want to specify which file types are permitted. In that case, keep reading.

4. Edit your theme's functions.php file to modify permitted file types.

If you desire to let only certain file types to exist uploaded to your site, y'all tin apply the Upload_Mimes Filter. Here'southward how:

  • Access File Managing director via your hosting control panel.
  • Open up your wp-content binder.
  • Open your themes folder.
  • Locate and right-click the functions.php file, then choose Edit.
  • Coil to the bottom of the file and paste the following lawmaking:
                                          

function cc_mime_types($mimes) {

    // New allowed mime types.

  $mimes['svg'] = 'prototype/svg+xml';

  $mimes['svgz'] = 'paradigm/svg+xml';

  return $mimes;

}

add_filter( 'upload_mimes', 'my_custom_mime_types' );

Note that the lawmaking higher up allows SVG and SVGZ files. You tin alter or add MIME types to this code snippet depending on what file types you want to upload.

While avant-garde users won't accept a trouble adding code to their functions.php or wp-config.php files, beginners might. In that case, you tin can use a WordPress plugin besides.

5. Install a plugin to add more permitted file types.

If y'all'd prefer not to edit your wp-config.php or functions.php files direct, then you tin can use a plugin to add permitted file types on your website.

WP Add Mime Types and File Upload Types by WPForms are two such plugins. While both are free from the official WordPress directory and highly rated, the File Upload Types plugin is more than beginner-friendly. Follow these steps to employ it:

  • Install and activate the File Upload Types past WPForms plugin.
  • Under Settings, click File Upload Types.
  • Check the boxes next to the file types yous want to upload. The list is pretty long, but you lot can search for your extension using the search bar in the top right. If your extension isn't on the list, yous can add your own custom file type at the bottom.
  • When finished, click Salvage Settings. You should now be immune to upload the new file types.

Adding more permitted file types using File Upload Types by WPForms plugin

6. Contact your hosting provider.

If y'all've tried all the steps above and are withal getting an error message, and so contact your WordPress hosting provider support team and draw your upshot.

It's possible that your provider has stricter limits on the file types you tin can upload than WordPress has by default. In that case, the steps in a higher place won't resolve the "distressing, this file type is non permitted for security reasons" error, but your provider'southward client support probable tin can.

Securing Your File Uploads

Even though there are means to get around the "sorry, this file type is not permitted for security reasons" error, that doesn't mean y'all should ignore the security problems that WordPress sites can feel. WordPress restricts the file types y'all can upload because allowing any file type would brand it easier for bots and hackers to place malware on your site.

That's why we recommend specifying which file types y'all want to allow as to non open your website to any type of file, and consider preventing users with lower roles from uploading files to your site.

Additionally, simply upload plugin and theme files downloaded from legitimate sources, as these files are some of the nearly mutual causes of compromised WordPress sites. And, carry regular malware scans for harmful lawmaking that may have found its way in via an upload.

For more means to protect your site from hacking attempts, run across our full guide to WordPress security.

Uploading File Types in WordPress

A "lamentable, this file blazon is non permitted for security reasons" fault can be frustrating for site admins and users. The good news is that the steps above tin either resolve the error or allow you lot to control which file types you're able to upload — without compromising the security of your WordPress site.

Editor's note: This mail was originally published in Jan 2021 and has been updated for comprehensiveness.

Use HubSpot tools on your WordPress website and connect the two platforms  without dealing with code. Click here to learn more.

Use HubSpot tools on your WordPress website and connect the two platforms  without dealing with code. Click here to learn more.

Originally published Oct 5, 2021 7:00:00 AM, updated October 05 2021