So, y'all simply tried to upload a file to your WordPress website and, instead of successfully uploading, you received an error bulletin that said, "Distressing, this file blazon is non permitted for security reasons."

Your start instinct might be to panic. Did you lot merely almost upload a corrupted file to your site? Was information technology malware? Is your site compromised now?

Don't worry — while this message might seem ominous, information technology only ways that WordPress does not support the file blazon you tried to upload. In this mail, we'll examine what causes this error message and look at a few free and like shooting fish in a barrel means to resolve it.

Grow Your Business With HubSpot's Tools for WordPress Websites

What causes the "sorry, this file blazon is not permitted for security reasons" error in WordPress?

By default, WordPress restricts the types of files that you can upload to your site for security reasons. When you endeavour to upload a file type that WordPress does non back up, you lot'll come across the "deplorable, this file type is not permitted for security reasons" fault message.

For instance, let'due south say I try to upload an AVIF file to WordPress. AVIF is an image format that stores compressed images. Although this format promises to exist a game-changer in image compression, information technology'due south all the same relatively new and therefore not a popular file format.

WordPress does non back up this file blazon. If I endeavour to upload an AVIF file, I'll receive the "pitiful, this file blazon is not permitted for security reasons" error. Here's how that error looks in the Gutenberg editor:

If yous only upload file types that WordPress supports, you probably won't ever see this fault bulletin. Side by side, let'southward review what those file types are.

WordPress Allowed File Types

WordPress supports a wide range of file types including the most common images, video, certificate, and audio formats. These file types are also known equally Multipurpose Cyberspace Mail Extensions, or MIME types. MIME types assistance browsers figure out what type of content has been uploaded to a web page.

If you upload a .jpeg file and .png file, for example, the browser uses their MIME types to determine that these are both image files. Similarly, if you upload a .mp3 or a .wav file, the MIME type signals to the browser that these are audio files.

WordPress supports uploading the following file types:

Images

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

Document

  • .pdf
  • .doc, .docx
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd

Audio

  • .mp3
  • .m4a
  • .ogg
  • .wav

Video

  • .mp4, .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

Note that you tin upload HTML files to WordPress in addition to the files listed above. Also, nosotros don't recommend uploading videos directly to your WordPress media library, since they use up pregnant storage and can boring down your website. Instead, opt for a video hosting service to store your videos.

These file types are all quite mutual. However, you may want to upload a file type that'due south non on this list. Or, you may be trying to upload i of these permitted file types and still go the "sorry, this file type is not permitted for security reasons" error message.

In either instance, in that location are steps yous tin can accept to avoid this error message.

How to Fix the "Sorry, This File Type Is Not Permitted for Security Reasons" Error

  1. Check your file type extension.
  2. Change your multisite network settings.
  3. Edit your wp-config.php file to upload whatsoever file type.
  4. Edit your theme'due south functions.php file to change permitted file types.
  5. Install a plugin to add more than permitted file types.
  6. Contact your hosting provider.

1. Cheque your file type extension.

Before you lot start changing your WordPress settings or files, check the extension of the file you're trying to upload. Maybe you accidentally changed the extension when saving the file. And then, the reason you lot're seeing the mistake message is not a trouble with your wp-config.php or functions.php file — it's that you're trying to upload an epitome in a video format.

In the example below, I tried to upload a .jpg file as an .avi file and got the error message as a upshot.

Incorrect file name extension causing the "

This is an easy start footstep: If the file proper name extension is incorrect, then you can fix it and upload the file in the right format. If it is right, move on to the next step.

2. Change your multisite network settings.

If y'all are running a multisite installation — a network of sites that all share the same WordPress installation core files — then you can easily add more allowed file types.

To add together a file blazon, click Settings > Network Settings in your dashboard, then scroll downwards to Upload Settings. In the input field side by side to Upload file types, add the extension for the file type you want to upload. And so, save your changes.

Adding allowed file types in upload settings of WordPress multisite installation

Users on any site in your network will at present be permitted to upload all the file types listed here.

If y'all are running a single-site WordPress installation, yous won't accept this pick in your settings. You lot'll need to try one of the steps below.

three. Edit your wp-config.php file to upload any file blazon.

If y'all want to allow whatever and all file types to be uploaded to your site, you but need to add one line of code to your wp-config.php file.

Information technology'due south relatively simple to do this, but as a best do, y'all should always make a backup of your wp-config.php file before editing. Fifty-fifty a small fault in the file can make your site inaccessible.

Once you've fabricated a copy of your wp-config.php file, follow the steps below to permit any file type upload.

  • Access File Manager via your hosting control panel.
  • Open up your public_html folder.
  • Locate and right-click the wp-config.php file, then choose Edit.
  • Coil to the lesser of the file.
  • At the end of the file, you'll meet the line: /* That's all, stop editing! Happy blogging. */. Above this line, paste the following lawmaking:
                                          
define('ALLOW_UNFILTERED_UPLOADS', true);
  • Save your changes to the file.
  • Log out of WordPress, then sign dorsum in. Yous should now be immune to upload whatsoever file type.
  • Save your changes. Y'all should now be allowed to upload the new file types.

This is a relatively easy solution, but not ideal for every website. If multiple users are uploading files on your WordPress site, for example, you may desire to specify which file types are permitted. In that case, go on reading.

4. Edit your theme's functions.php file to modify permitted file types.

If you desire to allow but sure file types to be uploaded to your site, you lot can utilize the Upload_Mimes Filter. Here'south how:

  • Access File Manager via your hosting control panel.
  • Open your wp-content binder.
  • Open your themes folder.
  • Locate and right-click the functions.php file, then choose Edit.
  • Coil to the bottom of the file and paste the following lawmaking:
                                          
office cc_mime_types($mimes) {
                      
    // New allowed mime types.
                      
  $mimes['svg'] = 'image/svg+xml';
                      
  $mimes['svgz'] = 'paradigm/svg+xml';
                      
  return $mimes;
                      
}
                      
add_filter( 'upload_mimes', 'my_custom_mime_types' );

Note that the code above allows SVG and SVGZ files. You lot tin can modify or add together MIME types to this code snippet depending on what file types you desire to upload.

While advanced users won't have a problem calculation code to their functions.php or wp-config.php files, beginners might. In that case, you can employ a WordPress plugin as well.

5. Install a plugin to add more permitted file types.

If yous'd prefer non to edit your wp-config.php or functions.php files straight, then yous can apply a plugin to add together permitted file types on your website.

WP Add Mime Types and File Upload Types by WPForms are two such plugins. While both are gratuitous from the official WordPress directory and highly rated, the File Upload Types plugin is more beginner-friendly. Follow these steps to use it:

  • Install and activate the File Upload Types by WPForms plugin.
  • Under Settings, click File Upload Types.
  • Check the boxes adjacent to the file types you desire to upload. The list is pretty long, but you lot can search for your extension using the search bar in the meridian right. If your extension isn't on the list, you can add your own custom file type at the bottom.
  • When finished, click Save Settings. Y'all should now be immune to upload the new file types.

Adding more permitted file types using File Upload Types by WPForms plugin

6. Contact your hosting provider.

If you've tried all the steps to a higher place and are still getting an error message, then contact your WordPress hosting provider support team and draw your issue.

Information technology's possible that your provider has stricter limits on the file types y'all tin can upload than WordPress has by default. In that case, the steps higher up won't resolve the "sorry, this file type is not permitted for security reasons" mistake, only your provider'southward customer back up likely can.

Securing Your File Uploads

Even though in that location are ways to get around the "sorry, this file type is non permitted for security reasons" fault, that doesn't mean y'all should ignore the security issues that WordPress sites can experience. WordPress restricts the file types you tin upload because allowing whatsoever file type would make information technology easier for bots and hackers to identify malware on your site.

That's why we recommend specifying which file types you want to let as to not open up your website to whatsoever blazon of file, and consider preventing users with lower roles from uploading files to your site.

Additionally, only upload plugin and theme files downloaded from legitimate sources, as these files are some of the most mutual causes of compromised WordPress sites. And, conduct regular malware scans for harmful code that may have found its way in via an upload.

For more ways to protect your site from hacking attempts, run into our total guide to WordPress security.

Uploading File Types in WordPress

A "sad, this file blazon is non permitted for security reasons" error tin can be frustrating for site admins and users. The good news is that the steps higher up can either resolve the error or allow yous to control which file types yous're able to upload — without compromising the security of your WordPress site.

Editor'southward note: This postal service was originally published in January 2021 and has been updated for comprehensiveness.

Use HubSpot tools on your WordPress website and connect the two platforms without dealing with code. Click here to learn more.

Use HubSpot tools on your WordPress website and connect the two platforms without dealing with code. Click here to learn more.

Originally published October five, 2021 7:00:00 AM, updated Oct 05 2021