How to Allow Additional File Upload Types

Do you want to allow more file types to be uploaded in your forms? Allowing more file formats to be uploaded to your site can provide more convenience for you and your users.

In this tutorial, we’ll show you how to add different file extensions, without compromising the security of your site.

Note: Are you looking for instructions on creating a File Upload Form? Then be sure to check out our guide to the File Upload field.


File Types Allowed By Default

By default, WordPress only allows for certain types of files for security reasons. The common file formats include:

  • Images like .png, .gif, .jpg
  • Documents such as .doc, .xls, .ppt, .pdf
  • Audio like .wav, .mp3, .mp4
  • Video like .mpg, .mov, .wmv

Please note that some of the below file types do have the potential be misused. That’s why WordPress doesn’t enable them by default.

  • Images such as .svg, .bmp
  • Documents like .psd, .ai, .pages
  • Code files such as .css, .js, .json
  • Video like .flv, .f4l, .qt

Adding More File Upload Types

To configure your site to accept additional file formats, you’ll need to install File Upload Types, a free WordPress plugin by WPForms.

For details on how to add a plugin to your site, you might want to check out WPBeginner’s guide on how to install a plugin.

Preset Options

Once you’ve installed the File Upload Types plugin, in your WordPress admin area go to Settings » File Upload Types. On this page you can select the extra file types you’d like users to upload.

File upload types

Adding Custom Types

If you’d like to include a file format that is not found in the preset list, you can include your own.

To do this, scroll down to Add Custom File Types. Then, you’ll need to specify a file format. This is done through 3 fields:

  • File Description: The name of the file type. This will only be visible in your File Upload Types settings, so you can add any details that make sense to you.
  • MIME Type: The category and data type represented by the new file type.
  • Extension: The extension type that will be associated with this file (e.g., .jpg, .docx, etc.).

Note: MIME is a form of file identification on the web. For more details on MIME, and a complete list of MIME types, you can check out Mozilla’s documentation. To determine what MIME type a file is, you can use an online file checker like this one.

As an example, here’s the field with the information for a YAML file type:

Add YAML custom file type

Once you’ve filled in all these details, click on the Save Settings button to apply the settings to your site.

You can also add another custom file type by clicking on the + (plus), or remove a file type by clicking the trash can button.

Add or Delete a File Type

Allowing Multiple MIME Types

If you’re adding a file type that has several aliases (or possible MIME types), you can also add these into the MIME Types field. This is especially helpful to ensure the proper upload for files that may have the same extension, but different MIME types.

Note: If you’re not sure if your file type has aliases, you can check out this reference guide for a partial list.

In order to use this feature, you’ll need to select the Enable multiple MIME type support option within the plugin.

Enable Multiple MIME Support

Note: If you don’t see this banner in your plugin, this means this option is already turned on for your site.

Once you’ve turned this setting on, you can then add aliases to the MIME Type field, separating each type by a comma.

For example, we’ll add the application/photoshop, application/psd, and image/photoshop aliases for a Photoshop file:

Photoshop alias MIME types

Once those settings are added, make sure to click the Save Settings button to apply the settings to your site.

Tips for Securing WordPress File Uploads

It may be convenient to allow users to upload all sorts of file formats, but it isn’t very secure. You can keep your site more secure while allowing for specific upload types by following these tips:

configure maximum file size

Frequently Asked Questions

I added my additional file type, but I’m still seeing a “File type not allowed” error.

In this case, you’ll want to be sure that the file you’re trying to upload has a MIME type that matches the one you’ve added to your site. You can quickly and easily check your file’s MIME type to be sure its type matches.

If your MIME type matches and still won’t upload, it’s important to know that WPForms does blacklist certain file types, and will block these files from being uploaded, even if they’ve been added using our plugin. The complete list of file types are:

ade adp app asp
bas bat cer cgi
chm com cpl crt
csh csr dll drv
exe fxp flv hlp
hta htaccess htm html
htpasswd inf ins isp
jar js jse jsp
ksh lnk mdb mde
mdt mdw msc msi
msp mst ops pcd
php pif pl prg
ps1 ps2 py rb
scr sct sh shb
shs swf tmp torrent
url vb vbe vbs
vbscript wsc wsf wsh
dfxp onetmp

That’s it! You can now allow users to upload additional file types using your file upload form.

Do you want to get more tips for securing your site? Then be sure to check out WPBeginnner’s free ultimate guide to WordPress security.