Fix “Sorry, this file type is not permitted for security reasons” error in WordPress

Sometimes when you try to upload a file to WordPress, you’ll see this error: “Sorry, this file type is not permitted for security reasons.”  Or if you’re using the latest version of WordPress, the error message may say, “Sorry, you are not allowed to upload this file type.”

This usually occurs because the file’s MIME type (also called “Media type”) is restricted from upload due to default WordPress settings.

Luckily, there are several ways to authorize additional file types for upload.

MIME types explained

MIME stands for Multipurpose Internet Mail Extensions. MIME types are used by browsers and other internet devices to determine the type of content associated with a page.

For instance, if you have a .png file and a .jpeg file on a page, the browser would know by their MIME types (not their file extension) to treat both files as images, rather than videos or other file types.

By default, WordPress stores a list of registered MIME types in wp-includes/functions.php. However, not all MIME types recognized are allowed to be uploaded in the WordPress admin dashboard.

File types supported by default

To allow uploading of file types not listed above, there are a few ways to get around the restrictions.

Authorize uploads for additional MIME types using a plugin

We recommend WP Extra File Types. Setup is really simple, just click the file types you want to allow and save your changes.

Other plugin options include:

• WP Add Mime Types
• WP Media Type File Manager
• MIME Types Plus

Authorize uploads for additional MIME types via functions.php

If you’re code-savvy, you can add the requirements to the active theme’s functions.php file. The example below can be modified for the file types you want to allow:

function my_theme_custom_upload_mimes( $existing_mimes ) { 
// Add webm to the list of mime types. 
$existing_mimes['webm'] = 'video/webm';
// Return the array back to the function with our added mime type.
return $existing_mimes;
}
add_filter( 'upload_mimes', 'my_theme_custom_upload_mimes' ); 

Allow unfiltered uploads via wp-config.php

All uploads can be authorized with the addition of the following line to the site’s wp-config.php file:

define('ALLOW_UNFILTERED_UPLOADS', true);

It’s important to note that this allows all file types to be uploaded by administrator-level users. It’s best practice to add file types as needed.

Configure multisite upload settings

If you are developing a multisite, you can edit MIME types directly from the multisite settings, no plugins or coding required!

1. From the WordPress admin area, navigate to Network Admin > Settings > Network Settings
2. Scroll down to Upload Settings and add or remove file types from the Upload file types field.

Need help?

If you have any questions our Happiness Engineers are here to help!