Do you want to allow more file types to be uploaded in your forms? Allowing more file formats to be uploaded to your site can provide more convenience for you and your users.
In this tutorial, we’ll show you how to add different file extensions, without compromising the security of your site.
- File Types Allowed By Default
- Adding More File Upload Types
- Tips for Securing WordPress File Uploads
- Frequently Asked Questions
Note: Are you looking for instructions on creating a File Upload Form? Then be sure to check out our guide to the File Upload field.
File Types Allowed By Default
By default, WordPress only allows for certain types of files for security reasons. The common file formats include:
- Images like .png, .gif, .jpg
- Documents such as .doc, .xls, .ppt, .pdf
- Audio like .wav, .mp3, .mp4
- Video like .mpg, .mov, .wmv
Please note that some of the below file types do have the potential be misused. That’s why WordPress doesn’t enable them by default.
- Images such as .svg, .bmp
- Documents like .psd, .ai, .pages
- Code files such as .css, .js, .json
- Video like .flv, .f4l, .qt
Adding More File Upload Types
To configure your site to accept additional file formats, you’ll need to install File Upload Types, a free WordPress plugin by WPForms.
For details on how to add a plugin to your site, you might want to check out WPBeginner’s guide on how to install a plugin.
Preset Options
Once you’ve installed the File Upload Types plugin, in your WordPress admin area go to Settings » File Upload Types. On this page you can select the extra file types you’d like users to upload.
Adding Custom Types
If you’d like to include a file format that is not found in the preset list, you can include your own.
To do this, scroll down to Add Custom File Types. Then, you’ll need to specify a file format. This is done through 3 fields:
- File Description: The name of the file type. This will only be visible in your File Upload Types settings, so you can add any details that make sense to you.
- MIME Type: The category and data type represented by the new file type.
- Extension: The extension type that will be associated with this file (e.g., .jpg, .docx, etc.).
Note: MIME is a form of file identification on the web. For more details on MIME, and a complete list of MIME types, you can check out Mozilla’s documentation. To determine what MIME type a file is, you can use an online file checker like this one.
As an example, here’s the field with the information for a YAML file type:
Once you’ve filled in all these details, click on the Save Settings button to apply the settings to your site.
You can also add another custom file type by clicking on the + (plus), or remove a file type by clicking the trash can button.
Allowing Multiple MIME Types
If you’re adding a file type that has several aliases (or possible MIME types), you can also add these into the MIME Types field. This is especially helpful to ensure the proper upload for files that may have the same extension, but different MIME types.
Note: If you’re not sure if your file type has aliases, you can check out this reference guide for a partial list.
In order to use this feature, you’ll need to select the Enable multiple MIME type support option within the plugin.
Note: If you don’t see this banner in your plugin, this means this option is already turned on for your site.
Once you’ve turned this setting on, you can then add aliases to the MIME Type field, separating each type by a comma.
For example, we’ll add the application/photoshop, application/psd, and image/photoshop aliases for a Photoshop file:
Once those settings are added, make sure to click the Save Settings button to apply the settings to your site.
Tips for Securing WordPress File Uploads
It may be convenient to allow users to upload all sorts of file formats, but it isn’t very secure. You can keep your site more secure while allowing for specific upload types by following these tips:
- Require users to be registered and logged in to submit your form
- Limit the file upload types to only those that you really need.
- Limit the file upload size
Frequently Asked Questions
I added my additional file type, but I’m still seeing a “File type not allowed” error.
In this case, you’ll want to be sure that the file you’re trying to upload has a MIME type that matches the one you’ve added to your site. You can quickly and easily check your file’s MIME type to be sure its type matches.
If your MIME type matches and still won’t upload, it’s important to know that WPForms does blacklist certain file types, and will block these files from being uploaded, even if they’ve been added using our plugin. The complete list of file types are:
| ade | adp | app | asp |
| bas | bat | cer | cgi |
| chm | com | cpl | crt |
| csh | csr | dll | drv |
| exe | fxp | flv | hlp |
| hta | htaccess | htm | html |
| htpasswd | inf | ins | isp |
| jar | js | jse | jsp |
| ksh | lnk | mdb | mde |
| mdt | mdw | msc | msi |
| msp | mst | ops | pcd |
| php | pif | pl | prg |
| ps1 | ps2 | py | rb |
| scr | sct | sh | shb |
| shs | swf | tmp | torrent |
| url | vb | vbe | vbs |
| vbscript | wsc | wsf | wsh |
| dfxp | onetmp |
That’s it! You can now allow users to upload additional file types using your file upload form.
Do you want to get more tips for securing your site? Then be sure to check out WPBeginnner’s free ultimate guide to WordPress security.