Are you getting a ‘file type is not permitted’ error in WordPress? The security settings in WordPress can limit the files that you can upload.
In this article, we’ll show you how to quickly solve the error, ‘Sorry, this file type is not permitted for security reasons’. You don’t need to write any code to fix this error.
How Do I Fix ‘Sorry, This File Type Is Not Permitted for Security Reasons’?
The best way to fix this error is with a free WordPress plugin called File Upload Types. It lets you add more file upload types without writing any code.
By default, WordPress only allows images, audio, documents, and video files to be uploaded. This helps to stop hackers from uploading malicious files to your website, but it also means that a lot of ‘safe’ files are blocked as well.
Luckily, it’s easy to allow more ‘safe’ file uploads using File Upload Types.
How to Fix the “File Type Is Not Permitted” Error in WordPress
Work through these steps to fix the ‘sorry, this file type is not permitted for security reasons’ error in WordPress.
- Install the File Upload Types Plugin
- Allow Additional File Types in WordPress
- Add Custom File Types to WordPress
At the end of the article, we also added some frequently asked questions on WordPress file uploads.
Ready? Let’s start by installing the plugin.
Step 1: Install the File Upload Types Plugin
To start, open up your WordPress dashboard and head to Plugins » Add New.
Search for the File Upload Types plugin in the search box at the top.
Click Install Now, and then click Activate.
Great! That’s all we need to do in this step.
Now let’s open the settings for the File Upload Types plugin.
2. Allow Additional File Types in WordPress
By default, WordPress allows the following types to be uploaded:
- Images (jpg, png, gif, ico)
- Audio (mp3, wav, ogg, m4a)
- Documents (pdf, doc, ppt, odt, xls, psd)
- Video (mp4, mov, wmv, avi, mpg, ogv, 3gp, 3g2)
You might want to add more file types to the allowlist. For example, you might want to accept Adobe Illustrator (AI) file uploads.
If the extension you want to upload isn’t on the list, we can search for it in the File Upload Types plugin to quickly enable it.
In the WordPress dashboard, click Settings » File Upload Types.
The settings for the File Upload Types plugin will open in your browser.
On the left, you can see a list of preset file types. It’s easy to add any of these file types to WordPress.
To start, in the Search File Types box, search for the file type you want to add to the allowlist in WordPress.
In this example, we’re going to search for CAD file types.
All of the preset file types for CAD files along with their MIME types.
To allow any of these file types to be uploaded in WordPress, just check the box next to each one. Then scroll down and click the orange Save Settings button.
When the page reloads, you’ll notice that the file types you selected are now listed in a new section titled Enabled.
That’s it! Now when you upload these files, you won’t get the ‘sorry, this file type is not permitted for security reasons’ error.
Next up, let’s look at creating custom file types for files that aren’t on the preset list.
3. Add Custom File Types to WordPress
If the file type you want to upload isn’t listed in the File Upload Types plugin, you can add it as a custom file type.
To do this, you’ll need to know the MIME type for the file.
MIME types are sometimes called internet file types. The MIME type describes the actual contents of the file.
If you’re unsure about the MIME type, you can use a MIME file type checker. When you upload your file, the tool will look at the first few bytes and report the file type.
As an example, let’s add the
.heif extension as a custom file type in WordPress. This a file type that some smartphones use to save images.
Start in the File Upload Types plugin. At the top, click the Add your custom file types link to begin.
You’ll see the Add custom file types section now. Go ahead and type in:
- A description for your custom file type – you can type anything you want here
- The MIME type (if you need to add more than 1, separate them with a comma)
- The file extension, including the leading period
In this example, the MIME type for a
.heif file is
image/heif, so let’s go ahead and add that as a custom file type.
Once that’s done, click Save Settings.
Your custom file type will be listed in the Enabled section in the plugin.
Now we can go ahead and upload iPhone photos without getting the ‘sorry, this file type is not permitted for security reasons’ error in WordPress.
Frequently Asked Questions on File Uploads
In this section, we’ll look at some additional questions on file upload types in WordPress.
How do I upload files to WordPress?
You can use the WPForms Modern file upload field to let visitors drag and drop files onto your forms like this:
And with WPForms, you can also:
- Switch between Modern and Classic file upload fields
- Allow visitors to upload images to your website
- Automatically save uploaded files to the WordPress Media Library
- Copy uploaded files to Google Drive
- Require payment on a file upload form.
Can I allow any file extension using File Upload Types?
Yes, the File Upload Types plugin allows you to upload any file type, including executable files.
But unless you’re an expert user, we don’t recommend that you allow executable files to be uploaded to WordPress. It gives hackers an easy way to infect your site with malware.
Also, keep in mind that your form builder plugin may still block executable files for security reasons, even if you allow executables in the File Upload Types plugin. For example, WPForms will always block executable files like
After adding a custom file type, I still see the error, ‘This file was not uploaded. File type not allowed’
To fix this, check that you have the correct MIME type associated with your custom file type. You can use the MIME type checker in Step 3 to do this.
Can I block file types on specific forms?
Yes, in WPForms you can specify which file types you want to allow on a specific form.
To do that, click on the File Upload field to edit the settings. You can type in the extensions you want to allow in the Allowed File Extensions box.
Start each extension with a period
. and separate multiple extensions with a comma
You can also specify a maximum file size. By default, WPForms will use the maximum file size allowed on your server. If you’re not sure what this is, you can hover your mouse over the tooltip next to the field.
If the maximum file size setting is too low, you’ll want to increase it on your server. We recommend that you reach out to your host for assistance.
Next Step: Add a Dropbox File Upload Form
Would you like to automatically send file uploads to a cloud storage service?
Check out this article on how to add a Dropbox file upload form in WordPress.
Ready to build your form? Get started today with the easiest WordPress form builder plugin. WPForms Pro includes a file upload form template and offers a 14-day money-back guarantee.