You tried to upload a file to your WordPress Media Library. Then you got an error message, Sorry, This File Type Is Not Permitted for Security Reasons.
Hmm. We’ve seen it many times.
As stated in the message, WordPress restricts the types of files that you can upload to your website for security reasons.
You can manually expand the allowed file types by adding a tiny code snippet to your website’s wp-config.php file or using a free plugin. You can then upload the restricted file types.
Here’s what you’ll find in this article.
Why Does “Sorry, This File Type Is Not Permitted for Security Reasons” Message Appear?
I have said this above. WordPress’ default configuration restricts the types of files that can be uploaded to your site due to security concerns.
You can upload the following file types by default.
Images:
- .jpg
- .gif
- .ico
- .png
- .jpeg
Videos:
- .mov
- .mpg
- .m4v
- .3gp
- .mp4
- .ogv
- .3g2
- .avi
- .wmv
Documents:
- .ppt, .pptx, .ppsx, .pps
- .odt
- .psd
- .doc
- .xls, .xlsx
Audio:
- .m4a
- .mp3
- .wav
- .ogg
If the file type you want to upload is not on the list above, you will likely be faced with the Sorry, This File Type Is Not Permitted for Security Reasons error.
For example, on the WordPress site, you need to use your custom fonts. You are likely to need to upload a custom font file in the .woff2 format.
WordPress will show you the Sorry, This File Type Is Not Permitted for Security Reasons error because that format is not allowed by default.
That means WordPress won’t allow you to upload them.
Here’s an example of a .woff2 file we uploaded to our test website.
How to Fix the “Sorry, This File Type Is Not Permitted for Security Reasons” WordPress Error
Below are two solutions to the Sorry, This File Type Is Not Permitted for Security Reasons error.
1 – Add File Type Permissions Using wp-config.php
WordPress allows you to enable the ALLOW_UNFILTERED_UPLOADS feature in your wp-config.php file. Once enabled, you can upload any file type to your WordPress Media Library.
Start by connecting to your WordPress site via FTP/SFTP. You can also log into DirectAdmin and access the File Manager. This will be more efficient.
You can find the wp-config.php file of your site in the root folder. The root directory is the same folder that has the wp-admin and wp-includes folders.
Right-click to edit the wp-config.php file. In this example, I am using DirectAdmin File Manager.
Then, while editing the wp-config.php file, you need to place this code snippet just above the /* That’s all, stop editing! Happy publishing. */ line.
define('ALLOW_UNFILTERED_UPLOADS', true);
Don’t forget to save your changes. If you have used SFTP, you will need to re-upload the file to the server.
Taking these steps means nothing can prevent you or your users from uploading malicious files to your website. So trying the below option may be better than this one.
2 – Use WordPress Plugins
Suppose you don’t prefer to edit your wp-config.php file. Or you wish to control what files can be uploaded to your site. In that case, you can use free WordPress plugins.
There are a few plugins that will help you here. Enhanced Media Library or File Upload Types by WPForms are a few examples.
Once you install and activate the Enhanced Media Library plugin, go to Settings > Media > MIME Types.
You will find a lengthy list of file types there.
Check the Allow Upload box next to any file type you would like to allow uploading.
And then click the Save Changes button.
If you install and activate the File Upload Types plugin, go to Settings > File Upload Types.
You will find a lengthy list of file types there as well.
Tick the checkbox next to any file type you would like to allow uploading. And then click the Save Settings button.
If you don’t see the file type you’d like to upload on the list, you can also add your custom file types. This option is available at the bottom of the page.
Alternative Plugins
Sometimes, there may be more effective alternatives for enabling certain file types. For example, we recommend the free Safe SVG plugin in our tutorial on allowing SVGs in WordPress.
This enables the SVG file-type in the WordPress media library and sanitizes them upon upload.
Summary
For security reasons, WordPress limits the file types that can be uploaded to a site by default.
If you upload a file type not listed here, you’ll get the Sorry, This File Type Is Not Permitted for Security Reasons message.
You can edit your wp-config.php file and add the ALLOW_UNFILTERED_UPLOADS code snippet. This will allow unfiltered uploads.
Alternatively, you can also use free plugins to control allowed file types directly from your WordPress dashboard.
Also, remember you could upload the file via SFTP if necessary.
If you enjoyed this tutorial, then you’ll love Rovity and our fast-growing premium shared hosting on the cloud. Check our subscription plans.