How to Solve the “Sorry, This File Type Is Not Permitted for Security Reasons” WordPress Error

by | Last Updated Jan 28, 2021 | WordPress | 0 comments

You tried to upload a file to your WordPress Media Library. Then you got an error message, Sorry, This File Type Is Not Permitted for Security Reasons.

Hmm. We’ve seen it many times.

As stated in the message, WordPress restricts the types of files that you can upload to your website for security reasons.

You can manually expand the allowed file types by adding a tiny code snippet to your website’s wp-config.php file or using a free plugin. You can then upload the restricted file types.

Here’s what you’ll find in this article.

Why Does “Sorry, This File Type Is Not Permitted for Security Reasons” Message Appear?

I have said this above. WordPress’ default configuration restricts the types of files that can be uploaded to your site due to security concerns.

You can upload the following file types by default.

Images:

  • .jpg
  • .gif
  • .ico
  • .png
  • .jpeg

Videos:

  • .mov
  • .mpg
  • .m4v
  • .3gp
  • .mp4
  • .ogv
  • .3g2
  • .avi
  • .wmv

Documents:

  • .ppt, .pptx, .ppsx, .pps
  • .pdf
  • .odt
  • .psd
  • .doc
  • .xls, .xlsx

Audio:

  • .m4a
  • .mp3
  • .wav
  • .ogg

If the file type you want to upload is not on the list above, you will likely be faced with the Sorry, This File Type Is Not Permitted for Security Reasons error.

For example, on the WordPress site, you need to use your custom fonts. You are likely to need to upload a custom font file in the .woff2 format.

Montserrat Font Has Failed to Upload

WordPress will show you the Sorry, This File Type Is Not Permitted for Security Reasons error because that format is not allowed by default.

That means WordPress won’t allow you to upload them.

Here’s an example of a .woff2 file we uploaded to our test website.

How to Fix the “Sorry, This File Type Is Not Permitted for Security Reasons” WordPress Error

Below are two solutions to the Sorry, This File Type Is Not Permitted for Security Reasons error.

1 – Add File Type Permissions Using wp-config.php

WordPress allows you to enable the ALLOW_UNFILTERED_UPLOADS feature in your wp-config.php file. Once enabled, you can upload any file type to your WordPress Media Library.

Start by connecting to your WordPress site via FTP/SFTP. You can also log into DirectAdmin and access the File Manager. This will be more efficient.

You can find the wp-config.php file of your site in the root folder. The root directory is the same folder that has the wp-admin and wp-includes folders.

Right-click to edit the wp-config.php file. In this example, I am using DirectAdmin File Manager.

Then, while editing the wp-config.php file, you need to place this code snippet just above the /* That’s all, stop editing! Happy publishing. */ line.

define('ALLOW_UNFILTERED_UPLOADS', true);
ALLOW_UNFILTERED_UPLOADS WP Config File

Don’t forget to save your changes. If you have used SFTP, you will need to re-upload the file to the server.

Taking these steps means nothing can prevent you or your users from uploading malicious files to your website. So trying the below option may be better than this one.

2 – Use WordPress Plugins

Suppose you don’t prefer to edit your wp-config.php file. Or you wish to control what files can be uploaded to your site. In that case, you can use free WordPress plugins.

There are a few plugins that will help you here. Enhanced Media Library or File Upload Types by WPForms are a few examples.

Once you install and activate the Enhanced Media Library plugin, go to Settings > Media > MIME Types.

You will find a lengthy list of file types there.

Enhanced Media Library MIME Types in WordPress

Check the Allow Upload box next to any file type you would like to allow uploading.

And then click the Save Changes button.

If you install and activate the File Upload Types plugin, go to Settings > File Upload Types.

You will find a lengthy list of file types there as well.

File Upload Types MIME Types in WordPress

Tick the checkbox next to any file type you would like to allow uploading. And then click the Save Settings button.

If you don’t see the file type you’d like to upload on the list, you can also add your custom file types. This option is available at the bottom of the page.

Alternative Plugins

Sometimes, there may be more effective alternatives for enabling certain file types. For example, we recommend the free Safe SVG plugin in our tutorial on allowing SVGs in WordPress.

This enables the SVG file-type in the WordPress media library and sanitizes them upon upload.

Summary

For security reasons, WordPress limits the file types that can be uploaded to a site by default.

If you upload a file type not listed here, you’ll get the Sorry, This File Type Is Not Permitted for Security Reasons message.

You can edit your wp-config.php file and add the ALLOW_UNFILTERED_UPLOADS code snippet. This will allow unfiltered uploads.

Alternatively, you can also use free plugins to control allowed file types directly from your WordPress dashboard.

Also, remember you could upload the file via SFTP if necessary.

If you enjoyed this tutorial, then you’ll love Rovity and our fast-growing premium shared hosting on the cloud. Check our subscription plans.

We engineered our cloud infrastructure with Performance, Speed, Scalability, and Security in mind.

That’s why we built Rovity with AWS, CloudLinux OS, DirectAdmin, and LiteSpeed Web Server.

Come and experience the next generation of shared hosting on the cloud

By Jafar Muhammed

Jafar Muhammed has 10+ years of experience in WordPress, web hosting, domain names, DNS, CDN, server administration, etc. He is an open web advocate. He is the CEO of Rovity, the fastest growing premium shared hosting startup in India.

Check Out These Related Posts

Avoid These 8 Blogging Mistakes in 2021

Avoid These 8 Blogging Mistakes in 2021

Blogging plays a large part in the $400 billion content marketing industry. Blogs are an excellent way to make substantial extra income. They're also powerful tools for generating traffic to your website. Blogging isn't just a part-time gig and a digital marketing...

read more

0 Comments

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *