[FIX] Sorry, This File Type Is Not Permitted for Security Reasons (WordPress)

Are you trying to upload a file to your WordPress Media Library, and you get a message saying, "Sorry, this file type is not permitted for security reasons" and/or "[filename] has failed to upload."

That's incredibly frustrating, but it is a very simple fix. We will guide you step-by-step in this article.

WordPress, as the message implies, restricts the types of files you can upload to your site for security reasons. However, you can manually expand the list of allowed file types by adding a small code snippet to your site's wp-config.php file or by using a free plugin.

What Causes the Message "Sorry, this file type is not permitted for security reasons"?

As previously stated, the default configuration of WordPress restricts the types of files that you can upload to your site for security reasons.

When you try to upload a file type that WordPress does not support by default, you receive the “Sorry, This File Type Is Not Permitted for Security Reasons” error message.

For security reasons, because certain files can cause hacks or other problems, WordPress restricts the file types you can upload through your site's admin to images, videos, documents, and audio.

You can upload the following file types by default:

Image files allowed:

  • .jpg,
  • .jpeg,
  • .png,
  • .gif,
  • and.ico

Videos include the following:

  • .mp4
  • .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

Document file types allowed:

  • .pdf
  • .doc
  • .ppt
  • .pptx
  • .pps
  • .ppsx
  • .odt
  • .xls
  • .xlsx
  • .psd

Audio files permitted:

  • .mp3,
  • .m4a,
  • .ogg,
  • and.wav

 

Anything else not in the above list is NOT allowed.

If you try to upload a file type that isn't on the list above, you'll probably get the "Sorry, this file type is not permitted for security reasons" error. You may also see the message "[filename] failed to upload."

For example, if you want to use your own custom fonts on your WordPress site, you could try uploading a custom font file to WordPress in the .tff and/or .woff formats. Because those formats are not supported by WordPress by default, you will see the “Sorry, this file type is not permitted for security reasons” error instead of being able to upload them.

Here's an example of a .ttf file that we attempted to upload to our test site:

What Causes the Message

How to Fix the “Sorry, this file type is not permitted for security reasons” WordPress Error


We'll show you how to fix the "Sorry, this file type is not permitted for security reasons" error in WordPress in two ways below:

  1. By modifying the wp-config file
  2. Using a free WordPress plugin (WP Extra File Types)


1. Add New Allowed File Types Using the wp-config.php file

WordPress includes an ALLOW_UNFILTERED_UPLOADS setting that you can enable in the wp-config.php file of your site. You'll be able to upload any file type to your WordPress Media Library once you enable it.

Be careful when you enable this, especially if there are other people who work on the site. Or do this temporarily and then remove the setting again. 

Here's how to do it. Because you'll be editing your wp-config.php file (which can break your site if you make a mistake), we recommend backing up your site first.

To begin, connect to your WordPress site using FTP/SFTP. The wp-config.php file on your site is located in the root folder, which also contains the wp-admin and wp-includes folders.

To edit the file or download it to your computer, right-click it and select Save Target As, or use the edit function of the FTP client. 

NOTE: You can do this also using your hosting's File Manager (using CPanel or otherwise) or using a File Manager plugin, if you have one installed.

Add New Allowed File Types1

Then, in the wp-config.php file, add the following code snippet above the /* That's all, stop editing! */ line:

define('ALLOW_UNFILTERED_UPLOADS', true);

Add New Allowed File Types

Save your changes and re-upload the file if necessary.

To complete the process, go to your WordPress dashboard and log out of your WordPress account. You can then immediately log back in.

After logging out/in, you should be able to upload any file without receiving the error message.

2. Install and activate the free WP Extra File Types Plugin


If you don't want to edit your wp-config.php file and/or want more control over which file types can be uploaded to your site, you can install the free WP Extra File Types plugin from WordPress.org.

After you've installed and activated the plugin, navigate to the Settings > Extra File Types section of your WordPress dashboard.

There is a long list of file types there. Check the box next to the file type(s) you want to be able to upload, then click the Save Changes button at the bottom:

Install and activate the free WP Extra File Types Plugin

If the file type you want to upload isn't on the list, you can add your own custom file types at the bottom of the plugin's settings page:

Other Plugins

Other Plugins

There may be better alternative plugins to enable specific file types in some cases such as WebP or SVG (e.g. Safe SVG plugin).

IMH

Do you want a fast website?

Who am I kidding? Don't we all?

So why do so many of us struggle?

The biggest challenge is usually finding a fast, reliable hosting company.

We've all been through the nightmares - support take takes forever or doesn't resolve our problem always blaming something on your side... 

But the biggest bummer is that the website always feels slow.

At CollectiveRay we host with InMotion hosting and our website is stupid fast. We run on a custom stack of LightSpeed server setup on MariaDB with a PHP7.4 engine and fronted through Cloudflare. 

Combined with our front-end optimizations we reliably server 6000 users every single day, with peaks of 50+ simultaneous users. 

Want to get a fast setup like ours? Transfer your site for free to InMotion hosting and get our 50% OFF on current pricing.

Try InMotion Hosting with 50% OFF for CollectiveRay visitors in November 2023 ONLY!

InMotion hosting 50% OFF for CollectiveRay visitors

Recommended Reading:

[FIX] Briefly unavailable for scheduled maintenance. Check back in a minute

[FIX] The Link You Followed Has Expired in WordPress (3 Ways)

[Fix] The Uploaded File Exceeds The upload_max_filesize Directive in Php.ini [4 Proven Ways]

[How to] Fix the Err_Cache_Miss Error in Google Chrome

Wrapping Up

By default, WordPress restricts the file types that you can upload to your site. This is done for security reasons. If you try to upload a file type that is not on the list of default file types, you will receive the message "Sorry, this file type is not permitted for security reasons."

To allow unfiltered uploads, you can edit your wp-config.php file and add the ALLOW_UNFILTERED_UPLOADS code snippet. You can also control allowed file types from your WordPress dashboard by using the free WP Extra File Types plugin.

About the Author
Shahzad Saeed
Shahzaad Saaed has been featured in a large number of authority websites, as a WordPress expert. He specializes in content marketing to help business grow their traffic.

One more thing... Did you know that people who share useful stuff like this post look AWESOME too? ;-)
Please leave a useful comment with your thoughts, then share this on your Facebook group(s) who would find this useful and let's reap the benefits together. Thank you for sharing and being nice!

Disclosure: This page may contain links to external sites for products which we love and wholeheartedly recommend. If you buy products we suggest, we may earn a referral fee. Such fees do not influence our recommendations and we do not accept payments for positive reviews.

Author(s) Featured On:  Inc Magazine Logo   Sitepoint logo   CSS Tricks logo    webdesignerdepot logo   WPMU DEV logo   and many more ...