Have you ever tried uploading a file to your WordPress site only to see the error "Sorry, this file type is not permitted for security reasons"? As a fellow WordPress user, I've been there too!
In this guide, I'll explain what causes this frustrating error and walk you through several methods to successfully fix it. With over 15 years of experience managing WordPress sites, I'll make sure to cover some best practices to keep your site secure while enabling file uploads.
Why WordPress Blocks Certain File Types
Before we dig into the solutions, it's important to understand why WordPress blocks uploads of certain file types in the first place.
As an open source CMS used by over 43% of all websites, WordPress is a huge target for hackers. In fact, hackers attacked over 1.2 million WordPress sites in 2021 alone.
The WordPress team is constantly working to stay one step ahead of the latest threats. Restricting file uploads is one key security measure.
According to Sucuri's 2021 Hacked Website Report, some of the most common malware file types are:
File Type | % of Infected Files |
---|---|
.js (JavaScript) | 22% |
.php (PHP Script) | 20% |
.swf (Flash File) | 8% |
As you can see, allowing .php or .js file uploads would pose a huge security risk! That's why WordPress sticks to a short list of media and document formats out of the box.
The Default File Types Allowed in WordPress
Here's a quick overview of the core file types permitted under default WordPress settings:
Images: .jpg, .jpeg, .png, .gif, .tiff, .ico
Documents: .pdf
Audio: .mp3, .m4a, .ogg, .wav
Video: .mp4, .m4v, .mov, .wmv, .avi, .mpg, .ogv, .3gp, .3g2
This covers most common needs like sharing photos, PDFs, music, and videos. But occasionally you may need to upload something outside of these defaults.
When You Might Need to Allow New File Types
Here are some examples of when you may need to enable additional file types on your WordPress site:
- Design templates – Uploading .psd, .ai, or .indd design files to share with your team or clients
- Presentations – Adding PowerPoint presentations (.pptx) for visitors to download
- Zip archives – Sharing project files or assets packed as .zip archives
- Spreadsheets – Letting users download Excel (.xlsx) or CSV data files
- Ebooks – Uploading .epub, .mobi ebook files to share with your readers
If your users try uploading anything outside of the standard file types above, they'll see the dreaded "Sorry, this file type is not permitted for security reasons" error.
But not to worry – here are some easy ways to fix it!
How to Allow New File Types in WordPress
Double Check the File Extension
Before diving into code changes or plugins, first double check that the file extension is typed correctly.
For example, an image file should end in .jpg or .png. A minor typo like .jpgg or .pnng can cause the "file type not permitted" error.
To check the extension, show filename extensions in your computer's settings, then inspect the file to ensure it matches an allowed type.
Use a File Upload Plugin
The easiest way to enable new file types is by installing the free File Upload Types plugin.
Over 40,000 WordPress users have given this plugin 5-star reviews. And it's even maintained by Syed Balkhi, the founder of WPBeginner, so you can trust it's secure.
Once activated, head to Settings > File Upload Types, check the box next to your desired file type, and click Save Changes. It couldn't be simpler!
Modify File Types via Functions.php
More experienced WordPress users can add support for extra file types by adding this snippet to the functions.php file:
// upload_mimes expects an array of extension => MIME type pairs.
function allow_new_file_types( $file_types ) {
    $new_filetypes = array(
        'psd' => 'image/vnd.adobe.photoshop',
        'zip' => 'application/zip',
        'doc' => 'application/msword',
    );
    return array_merge( $file_types, $new_filetypes );
}
add_filter( 'upload_mimes', 'allow_new_file_types' );
Just update the $new_filetypes array with your desired extensions and their MIME types.
Upload via FTP
As a workaround, you can manually upload files via FTP rather than the WordPress uploader. Upload them directly to the /wp-content/uploads/ folder or a subfolder.
This isn't ideal for frequent uploads, but works in a pinch.
Allowing New File Types Securely
Adding support for new file types can introduce security risks if not handled properly. Here are a few tips:
- Install a trusted security plugin like Wordfence to monitor for malware or unauthorized files.
- Limit upload size to a reasonable max like 8-10MB to prevent giant malicious files.
- Back up your site before making file type changes in case you need to roll back.
- Use plugins to restrict unneeded file types for subscriber accounts.
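The tips above can also be applied in code. The snippet below is an added example, not part of the original guide or of any plugin it mentions: it grants the extra types only to users with the edit_others_posts capability, strips .php, .js and .swf for everyone, and caps upload size. The myprefix_ function names, the capability chosen and the 10 MB figure are assumptions.

```php
<?php
// Added example. Omit the opening tag above when pasting into an existing
// functions.php. The myprefix_ names, the 'edit_others_posts' capability
// and the 10 MB cap are assumptions chosen for illustration.

// Extra types in the shape upload_mimes expects: extension => MIME type.
function myprefix_extra_mimes() {
    return array(
        'zip'  => 'application/zip',
        'epub' => 'application/epub+zip',
        'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
    );
}

// WordPress passes the user being checked as the second argument:
// a user ID, a WP_User object, or null for the current user.
function myprefix_filter_upload_mimes( $mimes, $user = null ) {
    $trusted = ( null === $user )
        ? current_user_can( 'edit_others_posts' )
        : user_can( $user, 'edit_others_posts' );

    // Only editors and administrators get the extra types.
    if ( $trusted ) {
        $mimes = array_merge( $mimes, myprefix_extra_mimes() );
    }

    // Keys may hold several extensions ('jpg|jpeg|jpe'), so split before
    // matching. Script and Flash types are removed for everyone, and last,
    // so types added by earlier filters are stripped too.
    $blocked = array( 'php', 'js', 'swf' );
    foreach ( array_keys( $mimes ) as $pattern ) {
        if ( array_intersect( explode( '|', strtolower( $pattern ) ), $blocked ) ) {
            unset( $mimes[ $pattern ] );
        }
    }
    return $mimes;
}
// Priority 99 so this runs after filters registered at the default priority.
add_filter( 'upload_mimes', 'myprefix_filter_upload_mimes', 99, 2 );

// Cap uploads at 10 MB without ever raising the limit the server already sets.
function myprefix_cap_upload_size( $bytes ) {
    return min( $bytes, 10 * MB_IN_BYTES );
}
add_filter( 'upload_size_limit', 'myprefix_cap_upload_size' );
```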
With some basic security measures, you can safely permit new file uploads for your business needs or users.
I hope this guide helped you finally fix the pesky "file type not permitted for security reasons" error! Let me know if you have any other WordPress questions.