Are you getting a ‘file type is not permitted’ error in WordPress? The security settings in WordPress can limit the files that you can upload.
In this article, we’ll show you how to quickly solve the error, ‘Sorry, this file type is not permitted for security reasons’.
- Install the File Upload Types Plugin
- Allow Additional File Types in WordPress
- Add Custom File Types to WordPress
Our method is completely “no-code”, you don’t need to edit any files in WordPress. It also works on regular WordPress and multisite installations.
What Is “Sorry, This File Type Is Not Permitted for Security Reasons” in WordPress?
“Sorry, this file type is not permitted for security reasons” means you’re trying to upload a file that WordPress doesn’t support. But you can easily fix this with a free WordPress plugin called File Upload Types.
WordPress only allows images, audio, documents, and video files to be uploaded, but that doesn’t mean other file types, like CSV, are a security risk. WordPress has simply locked down allowed files to stop hackers from uploading malicious content.
File Upload Types lets you add more ‘allowed’ file types to WordPress. It’s easy to use and avoids editing files in WordPress, which can cause problems with your site.
How to Fix the “File Type Is Not Permitted” Error in WordPress
Let’s add your file extension to WordPress so you don’t see “sorry, this file type is not permitted for security reasons” any more. You don’t need to use an FTP client because we’ll be working entirely in the WordPress admin area.
At the end of the article, we also added some frequently asked questions on WordPress file types that you may find helpful.
Step 1: Install the File Upload Types Plugin
To start, open up your WordPress dashboard and head to Plugins » Add New.
Search for the File Upload Types plugin in the search box at the top.
Click Install Now, and then click Activate.
Great! Now let’s add the file types you need. The good news is that we aren’t going to need to use File Manager or edit any core WordPress files to do this.
2. Allow Additional File Types in WordPress
By default, WordPress only allows the following file types:
This means you can’t upload common files types like
If the extension you want to upload isn’t on the list, we can search for it in the File Upload Types plugin to quickly enable it.
In the WordPress dashboard, click Settings » File Upload Types.
The settings for the File Upload Types plugin will open in your browser.
On the left, you can see a list of preset file types. It’s easy to add any of these file types to WordPress.
To start, in the Search File Types box, search for the file type you want to add to the allowlist in WordPress.
In this example, we’re going to search for CAD file types.
All of the preset file types for CAD files along with their MIME types.
To allow any of these file types to be uploaded in WordPress, just check the box next to each one. Then scroll down and click the orange Save Settings button.
When the page reloads, you’ll notice that the file types you selected are now listed in a new section titled Enabled.
These will no longer trigger the ‘Sorry, this file type is not permitted for security reasons’ warning.
That’s it! Now when you upload these files, you won’t get the ‘sorry, this file type is not permitted for security reasons’ message.
You might want to add more file types to the allowlist. For example, jump to this guide to accept Adobe Illustrator (AI) file uploads in WordPress.
Next up, let’s look at creating custom file types for files that aren’t on the preset list.
3. Add Custom File Types to WordPress
If the file type you want to upload isn’t listed in the File Upload Types plugin, you can add it as a custom file type easily. To do this, you’ll need to know the MIME type for the file.
MIME types are sometimes called internet file types. The MIME type describes the actual contents of the file. We can easily find the MIME type using the MIME file type checker.
Upload a file similar to the one you want to accept. The tool will look at the first few bytes and report the file type.
That’s it! Now you know the MIME type.
In this example, let’s add the
.heif file format so users can upload smartphone images to your WordPress site.
Start in the File Upload Types plugin. At the top, click the Add your custom file types link to add the new extension to the list of permitted file types.
You’ll see the Add custom file types section now. This is where you can add as many additional file types as you need.
For this file type, we’re going to type in:
- A description for the custom file type – you can type anything you want here
- The MIME type (if you need to add more than 1, separate them with a comma)
- The file extension, including the leading period
In this example, the MIME type for a
.heif file is
image/heif, so let’s go ahead and add that as a custom file type.
Once that’s done, click Save Settings.
Your custom file type will be listed in the Enabled section in the plugin.
Now we can go ahead and upload these image files without getting the ‘sorry, this file type is not permitted for security reasons’ error in WordPress.
And that’s it! Now you know how to enable unsupported file types in WordPress.
Frequently Asked Questions on File Upload Security
In this section, we’ll look at some additional questions on file upload types in WordPress.
How Do I Upload Files to WordPress?
You can use the WPForms ‘Modern’ style file upload field to let visitors drag and drop files onto your forms. They can see the filename and a preview thumbnail instantly:
And with WPForms, you can also:
- Allow visitors to upload images to your website
- Automatically save uploaded files to the WordPress Media Library
- Copy uploaded files to Google Drive
- Require payment on your file upload form.
Can I Allow Any File Extension Using the File Upload Types Plugin?
Yes, the File Upload Types plugin allows you to upload any file type you want – even executable files. This means you can accept any upload without seeing ‘Sorry, this file type is not permitted for security reasons’.
However, unless you’re an expert user, we don’t recommend that you allow executable files to be uploaded to WordPress. It gives hackers an easy way to infect your site with malware, so it’s a definite security issue.
Also, keep in mind that some file types could still be blocked for 2 reasons:
- Your form builder plugin may still block files for security reasons. For example, WPForms will always block executable files like
.html, ignoring the settings in the File Upload Types plugin.
- Sometimes your web hosting provider won’t let users upload file types on its own blocklists.
What Does MIME Mean?
MIME stands for ‘multipurpose internet mail extensions’. It was originally developed to allow media files to be sent via email. The MIME header in a file tells the computer how to process or display the contents of the file.
What Does “This File Was Not Uploaded. File Type Not Allowed” Mean?
You might see this error in WordPress after adding unsupported file types. It usually means that the MIME type doesn’t match the file you’ve tried to upload.
To fix this, check that you have the correct MIME type associated with your custom file type. You can use the MIME type checker in Step 3 (above) to do this.
Can I Block Specific File Types on Specific Forms?
Yes, in WPForms you can specify which file types you want to allow on a specific form.
To do that, click on the File Upload field to edit the settings. Type in the extensions you want to allow in the Allowed File Extensions box.
Be sure to use the correct format for the upload settings. Start each extension with a period
. and separate multiple extensions with a comma
You can also specify a maximum file size for the file upload. By default, WPForms will use the maximum file size allowed on your server. If you’re not sure what this is, you can hover your mouse over the tooltip next to the field.
If the maximum file size setting is too low, you’ll want to increase it on your server. We recommend that you reach out to your web hosting provider for assistance.
Can I Allow Unsupported File Types Without a Plugin?
Yes, you can allow any files to be uploaded by editing your site’s
wp-config.php or the WordPress theme’s
wp-config.php file, the following code allows all uploads without any filtering at all:
Keep in mind that this code presents a serious security risk. It allows hackers to upload any type of file to your website, so it’s definitely not a method we recommend.
It’s much safer to use the File Upload Types plugin because it lets you allow only the file types that you need, and it means you won’t need to worry about overwriting your changes when you update WordPress in the future.
Next Step: Add a Dropbox File Upload Form
Would you like to automatically send file uploads to a cloud storage service? Check out this article on how to add a Dropbox file upload form in WordPress. This can help you to store uploaded files in the cloud if you don’t want to keep them on your web server, or in the Media Library.
Ready to build your form? Get started today with the easiest WordPress form builder plugin. WPForms Pro includes a file upload form template and offers a 14-day money-back guarantee. You can collect payments with Square, Stripe, PayPal, and Authorize.net and do so much more.