And so, you only tried to upload a file to your WordPress website and, instead of successfully uploading, yous received an error message that said, "Deplorable, this file type is non permitted for security reasons."

Your start instinct might be to panic. Did yous just almost upload a corrupted file to your site? Was it malware? Is your site compromised now?

Don't worry — while this message might seem ominous, information technology just means that WordPress does not support the file type you tried to upload. In this mail service, we'll examine what causes this error message and expect at a few free and easy ways to resolve information technology.

Grow Your Business With HubSpot's Tools for WordPress Websites

What causes the "sorry, this file type is non permitted for security reasons" mistake in WordPress?

By default, WordPress restricts the types of files that y'all can upload to your site for security reasons. When yous try to upload a file blazon that WordPress does not support, you'll meet the "sorry, this file type is not permitted for security reasons" error message.

For case, let's say I try to upload an AVIF file to WordPress. AVIF is an image format that stores compressed images. Although this format promises to be a game-changer in image compression, it'southward however relatively new and therefore non a popular file format.

WordPress does not back up this file blazon. If I try to upload an AVIF file, I'll receive the "sorry, this file type is not permitted for security reasons" error. Here's how that mistake looks in the Gutenberg editor:

If you simply upload file types that WordPress supports, y'all probably won't ever see this error message. Next, let's review what those file types are.

WordPress Allowed File Types

WordPress supports a wide range of file types including the well-nigh mutual images, video, document, and audio formats. These file types are also known equally Multipurpose Internet Mail Extensions, or MIME types. MIME types assist browsers figure out what type of content has been uploaded to a web page.

If you upload a .jpeg file and .png file, for case, the browser uses their MIME types to determine that these are both image files. Similarly, if you upload a .mp3 or a .wav file, the MIME type signals to the browser that these are sound files.

WordPress supports uploading the post-obit file types:

Images

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

Document

  • .pdf
  • .medico, .docx
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd

Audio

  • .mp3
  • .m4a
  • .ogg
  • .wav

Video

  • .mp4, .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

Note that you lot can upload HTML files to WordPress in addition to the files listed in a higher place. Too, we don't recommend uploading videos directly to your WordPress media library, since they utilise up significant storage and can irksome downwardly your website. Instead, opt for a video hosting service to store your videos.

These file types are all quite common. Yet, you may desire to upload a file type that'south not on this list. Or, you lot may be trying to upload one of these permitted file types and withal get the "deplorable, this file blazon is not permitted for security reasons" fault message.

In either case, there are steps you can have to avert this error bulletin.

How to Set the "Sorry, This File Type Is Not Permitted for Security Reasons" Fault

  1. Cheque your file type extension.
  2. Change your multisite network settings.
  3. Edit your wp-config.php file to upload whatever file type.
  4. Edit your theme'due south functions.php file to modify permitted file types.
  5. Install a plugin to add more permitted file types.
  6. Contact your hosting provider.

1. Bank check your file blazon extension.

Before you start irresolute your WordPress settings or files, check the extension of the file you're trying to upload. Maybe you accidentally changed the extension when saving the file. So, the reason y'all're seeing the fault bulletin is non a problem with your wp-config.php or functions.php file — information technology'southward that you lot're trying to upload an epitome in a video format.

In the example below, I tried to upload a .jpg file as an .avi file and got the error bulletin as a result.

Incorrect file name extension causing the "

This is an like shooting fish in a barrel starting time step: If the file proper name extension is incorrect, then you tin fix it and upload the file in the correct format. If it is correct, move on to the adjacent stride.

2. Alter your multisite network settings.

If you lot are running a multisite installation — a network of sites that all share the aforementioned WordPress installation core files — so you can easily add more allowed file types.

To add together a file type, click Settings > Network Settings in your dashboard, then curlicue down to Upload Settings. In the input field next to Upload file types, add the extension for the file type you desire to upload. Then, save your changes.

Adding allowed file types in upload settings of WordPress multisite installation

Users on any site in your network will at present be permitted to upload all the file types listed here.

If you are running a unmarried-site WordPress installation, you lot won't have this option in your settings. You'll need to try i of the steps below.

iii. Edit your wp-config.php file to upload any file blazon.

If you want to allow any and all file types to be uploaded to your site, you just need to add one line of code to your wp-config.php file.

It's relatively simple to do this, merely as a all-time practice, you lot should e'er make a backup of your wp-config.php file before editing. Even a small error in the file can make your site inaccessible.

Once you lot've made a copy of your wp-config.php file, follow the steps below to permit any file type upload.

  • Admission File Managing director via your hosting control panel.
  • Open up your public_html folder.
  • Locate and right-click the wp-config.php file, then cull Edit.
  • Gyre to the bottom of the file.
  • At the terminate of the file, you'll see the line: /* That's all, finish editing! Happy blogging. */. Above this line, paste the post-obit code:
                                          
define('ALLOW_UNFILTERED_UPLOADS', true);
  • Save your changes to the file.
  • Log out of WordPress, then sign back in. You should now be allowed to upload any file type.
  • Salve your changes. Y'all should now exist allowed to upload the new file types.

This is a relatively easy solution, but not platonic for every website. If multiple users are uploading files on your WordPress site, for example, you may want to specify which file types are permitted. In that case, keep reading.

4. Edit your theme's functions.php file to modify permitted file types.

If you desire to permit simply certain file types to exist uploaded to your site, you can use the Upload_Mimes Filter. Here's how:

  • Access File Manager via your hosting control panel.
  • Open your wp-content folder.
  • Open your themes folder.
  • Locate and right-click the functions.php file, and so choose Edit.
  • Scroll to the bottom of the file and paste the following code:
                                          
part cc_mime_types($mimes) {
                      
    // New allowed mime types.
                      
  $mimes['svg'] = 'image/svg+xml';
                      
  $mimes['svgz'] = 'image/svg+xml';
                      
  render $mimes;
                      
}
                      
add_filter( 'upload_mimes', 'my_custom_mime_types' );

Note that the lawmaking to a higher place allows SVG and SVGZ files. You can change or add MIME types to this lawmaking snippet depending on what file types you want to upload.

While advanced users won't have a problem adding code to their functions.php or wp-config.php files, beginners might. In that case, y'all can employ a WordPress plugin too.

five. Install a plugin to add more permitted file types.

If yous'd prefer not to edit your wp-config.php or functions.php files directly, and so yous can use a plugin to add together permitted file types on your website.

WP Add Mime Types and File Upload Types by WPForms are 2 such plugins. While both are free from the official WordPress directory and highly rated, the File Upload Types plugin is more beginner-friendly. Follow these steps to use it:

  • Install and activate the File Upload Types by WPForms plugin.
  • Under Settings, click File Upload Types.
  • Check the boxes next to the file types you want to upload. The listing is pretty long, but you can search for your extension using the search bar in the top correct. If your extension isn't on the list, you tin can add your own custom file type at the bottom.
  • When finished, click Salve Settings. You should now be allowed to upload the new file types.

Adding more permitted file types using File Upload Types by WPForms plugin

vi. Contact your hosting provider.

If y'all've tried all the steps above and are even so getting an mistake message, then contact your WordPress hosting provider support team and describe your consequence.

It's possible that your provider has stricter limits on the file types you can upload than WordPress has by default. In that example, the steps to a higher place won't resolve the "sorry, this file blazon is not permitted for security reasons" error, but your provider'south customer support probable can.

Securing Your File Uploads

Fifty-fifty though there are ways to go around the "deplorable, this file type is not permitted for security reasons" error, that doesn't hateful you should ignore the security issues that WordPress sites can feel. WordPress restricts the file types you can upload because allowing whatever file type would make it easier for bots and hackers to place malware on your site.

That's why nosotros recommend specifying which file types you desire to allow as to not open your website to any type of file, and consider preventing users with lower roles from uploading files to your site.

Additionally, only upload plugin and theme files downloaded from legitimate sources, every bit these files are some of the virtually mutual causes of compromised WordPress sites. And, comport regular malware scans for harmful code that may accept found its way in via an upload.

For more than ways to protect your site from hacking attempts, run across our full guide to WordPress security.

Uploading File Types in WordPress

A "sorry, this file type is non permitted for security reasons" error can be frustrating for site admins and users. The good news is that the steps to a higher place can either resolve the error or let you to command which file types yous're able to upload — without compromising the security of your WordPress site.

Editor's note: This postal service was originally published in January 2021 and has been updated for comprehensiveness.

Use HubSpot tools on your WordPress website and connect the two platforms without dealing with code. Click here to learn more.

Use HubSpot tools on your WordPress website and connect the two platforms without dealing with code. Click here to learn more.

Originally published Oct 5, 2021 7:00:00 AM, updated October 05 2021