Fix the File Type is Not Permitted error

How to Fix ‘Sorry, This File Type Is Not Permitted For Security Reasons’

Are you seeing a ‘file type is not permitted’ error when uploading files in WordPress?

I’ve run into this WordPress error on multiple sites, but it easy to fix. I’ll show you how.

This method is completely “no-code” — you don’t need to edit any files in WordPress. It works on regular WordPress sites and WordPress multisite too.

Best of all, the plugin we’ll use is free.

What Does “Sorry, This File Type Is Not Permitted for Security Reasons” Mean?

The error Sorry, this file type is not permitted for security reasons appears when you try to upload a file that WordPress doesn’t allow ‘out of the box’.

For security reasons, WordPress only allows the following file types by default:

Category Extensions
Images .jpg .jpeg .png .gif .ico
Audio files .mp3 .wav .ogg .m4a
Documents .pdf .doc .docx .ppt .pptx .pps .ppsx.odt .xls .xlsx .psd
Video files .mp4 .m4v .mov .wmv .avi .mpg .ogv .3gp .3g2

That doesn’t mean other file types, like CSV, are a security risk. WordPress has simply locked down file uploads to the bare minimum that most people need.

These settings can be relaxed to allow legitimate files to be uploaded.

How to Fix “File Type Is Not Permitted”

We’re going to use a free WordPress plugin called File Upload Types to fix this error.

It lets you add more ‘allowed’ file types to WordPress without writing any code or editing important WordPress files, so it’s ideal for beginners.

You don’t need to use an FTP client — we’ll be working entirely in the WordPress admin area, so this is an easy process too.

1. Install File Upload Types Plugin

The first thing we need to do is install the File Upload Types plugin.

The plugin is 100% free, and you can trust it: it was created by the same team that created WPForms!

To start, open up your WordPress dashboard and head to Plugins » Add New.

Add New plugin in WordPress

Search for the File Upload Types plugin in the search box at the top.

Search for the File Upload Types plugin

Click Install Now, and then click Activate.

Activate File Upload Types plugin to fix 'file type is not permitted' error

Great! Now let’s add the file types you need.

2. Enable New File Type in WordPress

In the WordPress dashboard, click Settings » File Upload Types.

Click the File Upload Types WordPress menu to fix file type not allowed

The settings for the File Upload Types plugin will open in your browser.

File Upload Types plugin settings

Many people need to allow common files types like .csv, .heic, and .svg in WordPress, so File Upload Types has some presets ready to go. I’ll explain those first.

Adding a Preset File Type

To find out if the preset for your file exists, search for the file type in the Search File Types box.

In this example, we’re going to search for AutoCad .cad file types.

Search for file type to fix file type not allowed error

Notice how multiple files appear along with different extensions and MIME types. You’ll want to select the one that matches the extension and the MIME type.

What Is a MIME Type?

MIME types are sometimes called internet file types.

The MIME type describes the file’s actual contents so that your computer or server can interpret it correctly.

When using File Upload Types, you’ll want to be 100% sure that the MIME type is the same as the preset says.

Luckily, we can easily find the MIME type of any file using this free MIME file type checker. Just upload a file similar to the one you want to accept and the tool will tell you the MIME type.

Check the MIME type for file not permitted error

That’s it! Now you can compare the MIME type with the preset to find out if the preset matches.

Check the box next to each file type you want to enable, then scroll down and click the orange Save Settings button.

Select file types to add to the allowlist to fix the file type is not allowed error

When the page reloads, you’ll notice that the file types you selected are now listed in a new section titled Enabled.

These will no longer trigger the ‘Sorry, this file type is not permitted for security reasons’ warning.

Fixed 'sorry, this file type is not permitted for security reasons'

If you need to run through this again, we have a guide on how to accept Adobe Illustrator (AI) file uploads in WordPress that goes into a little more detail.

Next up, let’s look at creating custom file types for files that aren’t on the preset list.

Adding a Custom File Type

If the file type you want to upload isn’t listed in the File Upload Types plugin, you can add it as a custom entry.

You should also use a custom entry if you see the error, This file was not uploaded. File type not allowed. ‘File type not allowed’ typically means that your MIME type doesn’t match the MIME type that WordPress is expecting to see.

To fix this, you’ll need to know the correct MIME type for the custom file type you want to add. Again, check an example with the free MIME file type checker before you continue.

In this example, we’ll add the .heif file format so users can upload smartphone images to your WordPress site.

(I already verified the MIME type of my test file: image/heif.)

In the File Upload Types plugin, click the Add your custom file types link.

Add custom MIME type to fix file type is not allowed error

For this file type, we’re going to type in:

  • A description for the custom file type – you can type anything you want here
  • The MIME type (if you need to add more than 1, separate them with a comma)
  • The file extension, including the leading period .

In this example, we’re adding .heif files with the MIME type image/heif.

Custom file upload type added to WordPress

Once that’s done, click Save Settings.

Your custom file type will be listed in the Enabled section in the plugin.

Heif uploads enabled in WordPress

Now we can go ahead and upload these image files without getting the ‘sorry, this file type is not permitted for security reasons’ error in WordPress.

And that’s it! Now you know how to enable unsupported file types in WordPress.

Create a File Upload Form Now

FAQs about File Types and MIME Types

In this section, we’ll look at some additional questions on file upload types in WordPress.

How Do I Upload Files to WordPress?

To create a file upload form, you need WPForms. It’s the best file upload plugin for WordPress and it comes with a ready-made file upload form template.

WPForms has a bunch of features to make uploading files easy and intuitive. For example, the ‘Modern’ style file upload field lets visitors drag and drop files onto your forms.

Modern file upload drag and drop

What Does MIME Mean?

MIME stands for ‘multipurpose internet mail extensions’. It was originally developed to allow media files to be sent via email.

The MIME header in a file tells the computer how to process or display the contents of the file.

What Does “This File Was Not Uploaded. File Type Not Allowed” Mean?

You might see this error in WordPress after adding unsupported file types. It usually means that the MIME type doesn’t match the file you’ve tried to upload.

(Sometimes, you’ll also see this on your computer: Windows also doesn’t like unrecognized MIME types, and it will display, “it looks like we don’t support this file format” if you have a mismatch.)

To fix this, check that you have the correct MIME type associated with your custom file type. You can use the MIME type checker (see above) to do this.

Can I Allow Any File Extension Using the File Upload Types Plugin?

Yes, the File Upload Types plugin allows you to enable any file type or MIME type you want. However, keep in mind that other plugins, or your hosting company, may override it for security reasons. For example:

  • Your form builder plugin may still block files that are commonly used by hackers. For example, WPForms will always block executable files like .exe .msi and .html, ignoring the settings in the File Upload Types plugin.
  • Sometimes, your web hosting provider won’t let users upload file types on its own blocklists. These blocks help to prevent hackers from taking advantage of plugin vulnerabilities.

Are There Security Risks Involved in Adding File Types?

If you’re careful, there won’t be any security risks. But it’s important to note that File Upload Types is a powerful plugin. It will allow any file type you add – even executable files.

We never recommend allowing executable files to be uploaded to WordPress. It gives hackers an easy way to infect your site with malware.

If you’re using WPForms, it won’t allow executable files to be uploaded, even if you’ve added them to your allowlist.

Can I Allow Specific File Types on Specific Forms?

Yes, in WPForms you can specify which file types you want to allow on a specific form.

To do that, click on the File Upload field to edit the settings. Type in the extensions you want to allow in the Allowed File Extensions box.

Be sure to use the correct format for the upload settings. Start each extension with a period . and separate multiple extensions with a comma ,

Choose the file extensions on your file upload form

Those will be the permitted file types for that specific form.

You can also specify a maximum file size for each file upload if you want to. By default, WPForms will use the maximum file size allowed on your server. If you’re not sure what this is, you can hover your mouse over the tooltip next to the field.

Allow file types on file upload form in WordPress

If the maximum file size setting is too low, you’ll want to increase it on your server. We recommend that you reach out to your web hosting provider for assistance.

Can I Allow Unsupported File Types Without a Plugin?

Yes. We don’t recommend this method.

You can allow any files to be uploaded by editing your site’s wp-config.php or the WordPress theme’s functions.php file in File Manager.

In the wp-config.php file, adding the following code will allow all uploads without any filtering at all:

define('ALLOW_UNFILTERED_UPLOADS', true);

Keep in mind that this code allows hackers to upload any type of file to your website, so it’s not recommended unless your site is locally hosted and you’re just testing things out.

Pro tip: If you need to edit any files in WordPress, or add any code snippets to your site, we strongly recommend that you use the WPCode plugin. It’s much safer than editing core files directly.

Create Your WordPress File Upload Form Now

Next Step: Add a Dropbox File Upload Form

Would you like to automatically send file uploads to a cloud storage service? Check out this article on how to add a Dropbox file upload form in WordPress.

This can help you to store uploaded files in the cloud if you don’t want to keep them on your web server, or in the Media Library.

Ready to build your form? Get started today with the easiest WordPress form builder plugin. WPForms Pro includes a file upload form template and offers a 14-day money-back guarantee.

If this article helped you out, please follow us on Facebook and Twitter for more free WordPress tutorials and guides.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPForms is funded, why it matters, and how you can support us.

Claire Broadley

Claire is the Content Manager for the WPForms team. She has 13+ years' experience writing about WordPress and web hosting. Learn More

The Best WordPress Drag and Drop Form Builder Plugin

Easy, Fast, and Secure. Join over 6 million website owners who trust WPForms.

Please enable JavaScript in your browser to complete this form.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.