Introduction:
When you upload a file to the WordPress media library, users may see the “Sorry, This File Type Is Not Permitted for Security Reasons” error because WordPress does not support those files.
By default, WordPress supports images, audio, documents, and video in the following file types:
Images: .jpg, .jpeg, .png, .gif, .ico
Audio: .mp3, .m4a, .wav, .ogg
Documents: .pdf, .doc, .docx, .ppt, .pptx, .pps, .ppsx, .odt, .xls, .xlsx, .psd
Video: .mp4, .m4v, .mov, .wmv, .avi, .mpg, .ogv, .3gp, .3g2
If you upload a file outside the above-mentioned default file type, you will receive the “Sorry, this file type is not permitted for security reasons” error.
.woff for custom fonts, and .svg or .tiff for images not supported by WordPress.
This limitation prevents users from accidentally uploading malicious files to their WordPress website, reducing cyberattacks and mistakes in security.
Try these six methods to resolve the "Sorry, this file type is not permitted for security reasons" error in WordPress.
1. Double-check the file type extension's spelling.
Users can get the error message "Sorry, this file type is not permitted for security reasons" even when uploading allowed file formats.
If the file name extension is incorrect or has been accidentally modified, WordPress may not be able to recognize the file.
- Go to the File Explorer.
- Select your file and click on View from the Top navigation menu.
- Check the checkbox for File name extensions.
- If the extension is incorrect, right-click on it and select the rename option to rename the extension.
2. Edit the wp-config.php file
Users can upload any number of file types, including those that aren't supported, by editing the wp-config.php file in the media library.
First, take a backup of your entire WordPress website.
- Log into your CPanel account.
- Scroll down to Files and select File Manager.
- Inside the public_html directory, choose wp-config.php file.
- Right-click on it and choose Edit.
- Add the following code: define('ALLOW_UNFILTERED_UPLOADS', true);
- Click on Save Changes.
3. Edit the themes’s function.php file
- Log into your CPanel account.
- Scroll down to Files and select File Manager.
- Inside the public_html directory, select the wp-content folder.
- Inside the wp-content folder, Select the themes folder.
- Select your active theme; For example, here, we have twentytwentyone.
- Select the function.php file, right-click, and choose the Edit option.
- Add the following code:
function custom_mime_types( $mimes ) {
// Add your new MIME types here
$mimes[‘gpx’] = ‘text/gpsxml’;
return $mimes;
}
add_filter( ‘upload_mimes’, ‘custom_mime_types’ );Replace $mimes[‘gpx’] = ‘text/gpsxml’ with your preferred MIME type.
- Click on Save Changes.
4. Add permitted file type - using the WordPress plugin
- Log into your WordPress Dashboard.
- Scroll down to the Plugins > Add New.
- Search for the WP Add Mime Types plugin, click Install Now, and then Activate.
- Now, navigate to Settings > Mime Type Settings.
- Add the MIME type value for your file in the Add Value section on this page. For example, woff = application/x-font-woff
- Click on Save.
- Once done, new MIME types are permitted in your WordPress media library.
5. Change the WordPress multisite settings.
Through a single dashboard, users of WordPress Multisite may create and manage many websites. It also offers a facility for adding permitted file types:
- Log into your WordPress Dashboard.
- Scroll down to Settings and select Network Settings.
- On this page, find the Upload file type option under the Upload Settings section.
- Enter all the required MIME file types.
- Click on Save Changes.
6. Contact your hosting provider
Contact the support staff of your WordPress hosting provider and describe your situation if you've tried all of the actions mentioned above but are still getting an error message.
Your provider likely imposes stricter file-type limitations than WordPress does by default. Please contact your provider's customer service if the “Sorry, this file type is not permitted for security reasons” problem cannot be fixed using the steps above.
Maintaining Security on Your WordPress Site While Allowing Additional File Types
- Restricting unauthorized users
- To check for vulnerabilities on your website, use a WordPress security plugin.
- Check your WordPress website frequently for possibly harmful code.
- To prevent users from uploading huge files that can be infected with malware, consider limiting the size of uploaded files.
- Add user activity to the log to track who posted what file.
Conclusion
The WordPress issue "Sorry, This File Type Is Not Permitted for Security Reasons" requires a balanced strategy considering functionality and security.
You can strike a balance between allowing necessary file types and protecting the integrity of your website's security by systematically verifying the authenticity of files, maintaining compatibility with the most recent version of WordPress and all of its components, using reliable plugins, and carefully modifying settings.