Did you encounter the dreaded “Sorry, this file type is not permitted for security reasons.” error on your WordPress website? 🤔
Don’t worry, it’s a common error that occurs when you are uploading a file type that WordPress does not support. Fortunately, there is a way to bypass this restriction.
👨🎓 In this article, we will show you how to upload restricted file types by installing a plugin or making manual modifications on your site.
We’ll also share a fix specifically for WordPress multisite networks, though most of our fixes are focused on regular WordPress installs.
No matter which method you choose, it will only take a couple of minutes to set up, and you’ll be able to fix the “Sorry, this file type is not permitted for security reasons” error for good.
What causes the “Sorry, this file type is not permitted for security reasons.” error?
By default, WordPress only lets you upload a limited selection of file types:
- Document: .pdf, .doc, .docx, .ppt, .pptx, .pps, .ppsx, .odt, .xls, .xlsx, .psd
- Images: .jpg, .jpeg, .png, .gif, .webp, .ico
- Video: .mp4, .m4v, .mov, .wmv, .avi, .mpg, .ogv, .3gp, .3g2
- Audio: .mp3, .m4a, .ogg, .wav
The restriction exists to prevent hackers from exploiting files on your website. 🔒️
Certain file types like SVG are vulnerable and can be corrupted easily because these file formats were not created with security in mind. So if you upload them to your website, hackers will exploit the files to gain access to your site. That’s why WordPress allows only a handful of file types to be uploaded to a website.
If you try to upload a restricted file type, it shows you the “sorry, this file type is not permitted for security reasons.” error.
That said, occasionally, you may have to upload restricted file types despite the risks involved.
In the next section, we are going to show you how to bypass restrictions and upload any file type you want on your WordPress website. And be sure to check out the final section, where you’ll learn how to keep your WordPress site secure from hackers after enabling the upload of restricted file types. 😎
How to upload restricted file types on your WordPress website?
You can upload restricted file types on your WordPress website by adding a code snippet to your core WordPress files or by installing a plugin. If you are running a multisite, then WordPress also gives an option to remove restrictions on file types.
But before we get down to fixing the problem, take a backup of your entire site. With a backup in place, you can carry out modifications on your website without worry. If anything goes wrong, you can quickly restore your site back to normal.
- Use a plugin to change WordPress file upload types
- Edit wp-config.php file (Allow all file types)
- Edit theme’s functions.php file (Allow specific file types)
- Change network settings (Multisite only)
- Convert restricted files
Use a plugin to change WordPress file upload types
Using a plugin is the easiest way to enable the upload of restricted file types.
Install and activate the free File Upload Types plugin on your WordPress website.
Next, go to Settings → File Upload Types. A list of file types will appear on the screen. Select the ones you want to enable.
Then, hit the Save Settings button and try uploading your file on your site.
If you don’t see the file type that you need in the list, the plugin also lets you add your own custom file types.
If you don’t want to install another plugin on your WordPress website then go for the manual methods.
Edit wp-config.php file (Allow all file types)
Another way to enable restricted file types on WordPress is to edit your site’s wp-config.php file.
However, there’s an important caveat for this method:
If you use it, you will be enabling all file types at once, which might not be a good thing for your situation. If you only need to enable a single file type, we recommend the manual method in the next section, which allows for a more targeted approach.
The wp-config file is located in your website’s root folder, i.e., the public_html folder. You can access the file by connecting to your server via FTP or via cPanel File Manager if your host offers cPanel.
Here’s how it works using cPanel. The basic idea will be the same for using FTP.
Log in into your hosting account and go to cPanel and select File Manager.
When the file manager opens, go to public_html → wp-config.php. Right-click on the file and select Edit.
Then scroll down to the end of the file and insert the following code snippet above the “/* That’s all, stop editing! Happy blogging. */” line:
define('ALLOW_UNFILTERED_UPLOADS', true);
Save the changes.
Now, open your website and log out and sign back in. You should now be able to upload restricted files to your WordPress website.
Edit theme’s functions.php file (Allow specific file types)
If you’d prefer the manual route but with a more targeted approach, you can also edit your theme’s functions.php file to specify which file types you want to allow uploading on your website.
Alternatively, you can also use a plugin like the free Code Snippets plugin, which provides a simpler way of managing the types of code snippets that you add to the functions.php file.
If you want to use the functions.php file directly instead of using Code Snippets, it’s essential that you set up a child theme first. Otherwise, your changes will be overwritten the next time you update your theme.
Here’s how it works to edit the functions.php file – but if you’re using Code Snippets, all you need to do is add the same code snippet via the plugin’s interface.
The functions.php file is located in the wp-content/themes folder inside the folder of your child theme. You can access the file via FTP or cPanel File Manager.
If using cPanel, log in into your hosting account and go to cPanel and select File Manager.
When the file manager opens, go to public_html → wp-content → themes. Then open the child theme that is active on your site and select the functions.php file found inside the folder of the theme. Right-click on the file and select Edit.
Scroll to the end of the functions.php file and add the following code snippet:
function my_custom_mime_types( $mimes ) {
// New allowed mime types.
$mimes['svg'] = 'image/svg+xml';
$mimes['svgz'] = 'image/svg+xml';
$mimes['doc'] = 'application/msword';
// Optional. Remove a mime type.
unset( $mimes['exe'] );
return $mimes;
}
add_filter( 'upload_mimes', 'my_custom_mime_types' );
Save these changes before exiting the file.
In the above code, we informed WordPress to allow uploading of the svg and doc file types. You can modify the code and add your desired file type.
Change network settings (Multisite only)
To enable the upload of restricted file types in WordPress multisite, you need to open your WordPress dashboard, go to Settings → Network Settings, and scroll down to the Upload file type option.
On the right of that option, there is an input field. You will need to add the extension of the file you want to upload to your website and then save your settings. That’s it.
Convert restricted files
If none of the above methods have worked for some reason, you can try converting the file that you failed to upload to your website into a file type that isn’t restricted by WordPress.
There are several free conversion tools that’ll help you with the conversion like Convertio, Online-Convert, CoundConvert, etc.
How to secure your WordPress site after removing file type restrictions
After removing restrictions on file types, you need to ensure that hackers don’t exploit the files to gain access to your website. You can protect your website by installing a security plugin and limiting the file upload size.
Malicious files are heavy. If you prevent uploading large files to your website, you reduce the chances of a potential hack attack.
To limit file upload size, install this plugin on your website:
Then go to Media → Increase Upload Limit and choose the lowest file size.
A WordPress security plugin will protect your website with the help of a firewall. It’ll scan your site on a daily basis looking into every nook and corner to check for malicious files. If it finds any sign of malware, the tool will clean your website immediately.
⚠ If you don’t have a security plugin installed on your website, check out our review of the best WordPress security plugins.
Final thoughts on fixing the “Sorry, this file type is not permitted for security reasons” error
WordPress restricts the types of files that you can upload to your site for security reasons. When you try to upload a file type that isn’t allowed by WordPress, you encounter the “sorry, this file type is not permitted for security reasons” error.
To fix this issue, you can install a plugin or modify the wp-config.php or functions.php files to allow the uploading of restricted file types.
You also need to make sure that hackers don’t exploit the files to gain access to your site. Using a security plugin and limiting the size of files that users upload to your site will help protect your website.
That’s it for this one folks! If you encounter any other errors on WordPress, check our blog for tutorials on how to remove and prevent those errors.
Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!