Fix WordPress Error – Sorry, This File Type Is Not Permitted For Security Reasons

Last modified: June 17, 2020
You are here:
  • KB Home
  • Wordpress
  • Fix WordPress Error – Sorry, This File Type Is Not Permitted For Security Reasons
Estimated reading time: 3 min

The WordPress shows this error “Sorry, this file type is not permitted for security reasons” when you try to upload files to your website through admin dashboard. The users are only allowed to upload certain file types to WordPress websites for security reasons. This is to prevent users from uploading executable files to their websites. WordPress allows users to upload only the following file types. If you try to upload any other file types then you get the error message “Sorry, this file type is not permitted for security reasons”.

 

Images

.jpg

.jpeg

.png

.gif

 

Documents

.pdf (Portable Document Format; Adobe Acrobat)

.doc, .docx (Microsoft Word Document)

.ppt, .pptx, .pps, .ppsx (Microsoft PowerPoint Presentation)

.odt (OpenDocument Text Document)

.xls, .xlsx (Microsoft Excel Document)

 

Audio

.mp3

.m4a

.ogg

.wav

.midi

.mid

.wma

.mp4

.m4v

.flv

 

Video

.mp4, .m4v (MPEG-4)

.mov (QuickTime)

.wmv (Windows Media Video)

.avi

.mpg

.ogv (Ogg)

.3gp (3GPP)

.3g2 (3GPP2)

.webm

.ogv

 

Others

.zip

.key

 

Solution

There are a number of solutions to fix this security issue. Here I will explain each method to rectify this issue.

 

Multisite Settings

You can fix this security issue very easily if you are using WordPress Multisite. You can add the file type that you want to upload in the “Upload file types “option in WordPress Multisite settings in the network admin area. Please navigate to Network Admin Area >>> Settings >>> Upload Settings and add the necessary file types into it. Ensure that the file types are separated with a space not by a comma.

 

WordPress Plugins

Sometimes this security issue can be caused by any of the active plugins on your website. You need to deactivate plugins in bulk and then try to upload files. If you can upload files by now, then some of your plugins are the culprit. Then try to activate plugins one by one and see if the issue can be recreated. When the same error message displays, you can confirm the last activated plugin is the culprit. Please see our Knowledge Base to activate/deactivate WordPress plugins.

https://www.interserver.net/tips/kb/how-to-disable-plugins-in-wordpress/

 

You can also install and configure any of the following WordPress plugins to allow upload file types.

1) WP Add Mime Types

2) Mime Types Extended

3) Unsafe Mime types

4) Mime Types Plus

 

Allow All File Types

You can also setup WordPress to allow to upload all file types. This can be performed with the help of a WordPress constant “ALLOW_UNFILTERED_UPLOADS”. You can set the WordPress constant “ALLOW_UNFILTERED_UPLOADS” to true” in wp-config.php file of your WordPress install. The wp-config.php file can be found in the root directory of your WordPress install. Using your favorite editor (vi editor) open the wp-config.php file and add the following line somewhere in the file. You can also use File Manager to edit the WordPress configuration file.

define(‘ALLOW_UNFILTERED_UPLOADS’, true)

Don’t forget to save the config file after editing.

 

Allow Specific File Types

If you need only specific file types to be uploaded, add the following code in functions.php of your current WordPress theme. You can find the functions.php in the following location /path/to/Wordpress-root-install/wp-contents/themes/current-theme/functions.php. You can use your favorite editor or File Manager to add this code.

function enable_extended_upload ( $mime_types =array() ) {

// The MIME types listed here will be allowed in the media library.

// You can add as many MIME types as you want.

$mime_types[‘gz’]  = ‘application/x-gzip’;

$mime_types[‘zip’]  = ‘application/zip’;

$mime_types[‘rtf’] = ‘application/rtf’;

$mime_types[‘ppt’] = ‘application/mspowerpoint’;

$mime_types[‘ps’] = ‘application/postscript’;

$mime_types[‘flv’] = ‘video/x-flv’;

// If you want to forbid specific file types which are otherwise allowed,

// specify them here.  You can add as many as possible.

unset( $mime_types[‘exe’] );

unset( $mime_types[‘bin’] );

return $mime_types;

}

add_filter(‘upload_mimes’, ‘enable_extended_upload’);

 

Please change the above code with required file types to be uploaded.

I hope this tutorial has helped you fix this security issue.

 

If you need any further assistance please contact our support department.

 

 

ONE RESPONSE TO “FIX WORDPRESS ERROR – SORRY, THIS FILE TYPE IS NOT PERMITTED FOR SECURITY REASONS”

  1. Miki says:

    Very comprehensive. Yet 2 comments:

    1. Most users are likely to prefer the simple and fast solution “Allow All File Types”. Why don’t you put it at the top and mention that it is the easiest and fastest? You can add a note that there are risks to do this, and additional solutions are listed below.

    2. You recommended adding in wp-config.php file the following line

    define(‘ALLOW_UNFILTERED_UPLOADS’, true)

    But this will not work!
    What will work is to add

    define(‘ALLOW_UNFILTERED_UPLOADS’, true);

    You made an assumption that everyone knows that there needs to be also this “;” at the end. You should not assume that users are all programmers. Just give a full line of what needs to be added.

Was this article helpful?
Dislike 0
Views: 12