Started uploading a file and was met with the concerning “Sorry, this file type is not permitted for security reasons” error message? Don’t fret—it may have been a mishap on your part. However, it can also be precisely what it says: an unsupported file extension that can harm your website. Therefore, this CMS (Content Management System) prevented its upload. We have dealt with a plethora of upload issues that mainly had to do with limited file size or an incorrect course of action after uploads, like a blank thumbnail. Now it’s time we tackle how to fix the “Sorry, this file type is not permitted for security reasons” WordPress error.
1. Double-check the file extension and make sure WordPress supports it
You may have discovered the beauty of compression in revolutionary image formats like .webp, .svg, or .avif. Perhaps you found out that entire books can fit into a few MBs in .azw3 .epub, or .mobi extensions. Nonetheless, WordPress refuses to recognize them. While sad, this is part of what makes the platform successful at repealing malware through built-in security. WordPress works in unison with MIME (Multipurpose Internet Mail Extensions) both for protection and to help browsers quickly interpret the type of file on a web page. With that said, this CMS only supports these formats (at the time of writing):
- Document — .pdf, .psd, .doc, .docx, .xls, .xlsx, .ppt, .ppsx, .odt, .pps, .pptx (.html is permitted, but doesn’t truly fit)
- Image — .jpg, .png, .jpeg, .ico, .gif
- Video — .mp4, .mov, .m4v, ogv, .3gp, .mpg, .3g2, .wmv, .avi
- Audio — .wav, .mp3, .ogg, .m4a
With all that said, check whether you misspelled the file extension on a file. Windows, Mac, and Linux offer easy ways to see extensions. If you find it to be correct, you can also use third-party tools like cloud-based format converters to change formats. Alternatively, you may utilize suitable editors (video, audio, text, image) to open and save the initial format into a permitted one. Both methods only apply when you don’t need to keep using the original file extension.
2. Tweak your WordPress multisite network configuration (Situational)
This method doesn’t apply to single-site WordPress installation. However, owners of a multisite network have a handy, straightforward option that lets them add new file types to be uploaded to WordPress. Since all websites share identical core files, you only have to do this once, not for each separately. With all that in mind, here’s what to do:
- Access WordPress Admin on the main website.
- In the sidebar on the left-hand side, click on Settings.
- Select Network Settings.
- Find the “Upload Settings” section and the Upload file types option underneath.
- Add a new extension to the long list of those we already mentioned but without a dot. Example. If you want to add SVG images, only type “svg” separated by a single space from the one in front.
3. Manually add additional file types to the list of supported WordPress formats
Since we know lots of our readers only manage one website, we wanted to find an alternative way to fix the “Sorry, this file type is not permitted for security reasons” WordPress error. Luckily, we remembered a code snippet that adds additional file types to the uploads list we put together in the past. We provided two examples, one involving a single format, such as SVG, as well as multiple similar (SVG and SVGZ) or distinctly different ones. However, this method isn’t beginner-friendly. Always create a backup before you start, and if you don’t feel competent, opt for the one below.
4. Install a WordPress plugin to expand MIME support
Unsurprisingly, WordPress developers provided a substitute approach that permits newbies to get the same result safely. To clarify, installing WordPress plugins for this purpose lets you avoid accessing your WordPress website via FTP and editing crucial files like wp-config.php or functions.php. We have no affiliation or preferences, though. Thus, you’re free to browse the plugin repository. However, to demonstrate the procedure, we’ll use a lightweight, direct solution, WP Extra File Types by Davide Airaghi. “WP Add Mime Types by Kimiya Kitani” and “File Upload Types by WPForms” are nearly identical well-known choices, though we, again, favor none and have no ties to the developers. After installation and activation, do this:
- Open your WordPress Admin section.
- In the left sidebar, click on Settings.
- Choose the Extra File Types option.
- You’ll now see a software or file type on the left-hand side and the file extension on the right, in front of checkboxes. Tick checkboxes for extensions you want WordPress to accept and remove them for files you deem dangerous or unnecessary.
- Optional. Though the list is extensive, you can always select the + button next to Add your custom file types to introduce a file extension, description, and type.
- Don’t forget to click the Save Changes button at the bottom.
5. Allow any file type by editing your wp-config.php file
While this is a quick and effective technique to solve the “Sorry, this file type is not permitted for security reasons” error in WordPress, it can be incredibly dangerous. Make sure to find and remove any backdoors and employ any security WordPress plugins first. Proceed in this fashion afterward:
- Get to your WordPress files using FTP.
- In the root (also titled public_html, www, or website_name) folder, right-click the wp-config.php file.
- Select View/Edit or Edit.
- Scroll down until you find the
/* That's all, stop editing! Happy blogging. */
line. - Paste this code in an empty row above the line from step 4:
define('ALLOW_UNFILTERED_UPLOADS', true);
- Save the modification, sign out from WordPress Admin, then log back in. Consequently, you can upload any file type to your WordPress website, eliminating the error.
6. Reach out to your web hosting provider
Though this seems like an evident choice, many website owners forget this option exists. While they can assist you if you don’t feel competent, it’s also important to remember that the procedures above may, despite all your efforts, fail. The cause can lie in hosting file extension restrictions, especially on shared servers. Luckily, most hosting providers offer 24/7 live chat, phone, or ticket support. Ergo, you can get help or an explanation rather quickly.