How to Fix “Sorry, this file type is not permitted for security reasons”

This error occurred in our WordPress Newsletter plugin and our users started reporting it so we had to resolve the problem. We released version of our Newsletter plugin in the meanwhile which has a workaround included for the error. So if the issue is in our plugin, please update it else continue reading if you are experiencing the problem/error in a different area.


UPDATE: There is currently a known issue with the allowed mime types in WordPress 4.7.1 and a bug has been logged for this. It seems like WordPress 4.7.2 will be released shortly to address the problem but in the meanwhile, use #2 in this article or the Disable Real Mime Check plugin.


WordPress filters the file types which users can upload through the media uploader and other areas of the dashboard. See the Uploading Files documentation in the WordPress for more information on which files are allowed.

If you try to upload a file which is not allowed, you will be presented with a “Sorry, this file type is not permitted for security reasons” error message but this error can be fixed easily if you have to upload a specific file which is not allowed.


How to Fix the File Type is Not Permitted Error

Here are several ways to fix the “Sorry, this file type is not permitted for security reasons” error message in WordPress. Pick one of the options below which suits you best to resolve the problem:


1. Using a WordPress Plugin

There are several WordPress plugins which you can simply install to fix the problem. Each plugin has it’s own configuration or settings though some of them do it the same way using the upload_mimes filter hook as mentioned in #3 below. Here are some plugins you can use:


2. Add ALLOW_UNFILTERED_UPLOADS constant to wp-config.php

Open the wp-config.php file of your WordPress installation and above the line where it says /* That's all, stop editing! Happy blogging. */ add the following code anywhere:



For easy editing of the wp-config.php file, there is also a useful WordPress plugin you can use called WP Config File Editor. Please be careful when you use this plugin especially when you edit in raw mode that you don’t break anything in the file. I also recommend that you deactivate and delete the plugin when you are done so that it doesn’t stay there in your WordPress dashboard, it could pose a security risk.


3. Using the upload_mimes WordPress filter hook

With this option, you’ll write your own code to hook to the upload_mimes filter of WordPress and add your mime type accordingly.

First, you’ll need to check what the extension of your file is eg. csv and then you need to check what the mime type of that file extension is specifically. Here is a complete MIME Types List which is useful or you can Google it accordingly. For csv for example, it is text/csv

The code you’re going to write can be placed in various places but best is to just add it to the functions.php file of your WordPress theme. So go ahead and open the functions.php file of your WordPress theme and at the very top, add this following code:

// Add this to the functions.php file of your WordPress theme
// It filters the mime types using the upload_mimes filter hook
// Add as many keys/values to the $mimes Array as needed

function my_custom_upload_mimes($mimes = array()) {

// Add a key and value for the CSV file type
$mimes['csv'] = "text/csv";

return $mimes;

add_action('upload_mimes', 'my_custom_upload_mimes');


In the code, change the value csv to the extension of your file and the value inside the quotes to the mime type of that extension accordingly.


4. Multi-Site Upload Files Setting

Only use this option if you are running a WordPress multi-site network installation.

Go to Network Admin Area > Settings > Upload Settings in your WordPress multi-site network panel. There is a setting called “Upload File Types” where you can add more file extensions which should be allowed on all blogs/sites on the multi-site network.


5. Ask your Hosting Provider

If you are still stuck and cannot resolve the problem, contact your hosting provider and ask them to assist you.

We provide very good WordPress hosting if you need a good host with reliable, secure servers, and great support.

Earn Money by Referring People

Refer customers to us with your affiliate link and earn commission on sales from your link.

Get Started
  1. Trends on November 19, 2023

    Thanks it’s help a lot

  2. panduaji on July 19, 2021

    Is safe using define(‘ALLOW_UNFILTERED_UPLOADS’, true); ? I think with that we can upload php script that also can harm our site

  3. CeylonThemes on January 10, 2020

    Thanks a lot

  4. djcelo on September 19, 2019


    Thanks a lot!

  5. Geoff on February 20, 2019

    define(‘ALLOW_UNFILTERED_UPLOADS’, true);

    Too easy. Thanks.

  6. Hudson on January 3, 2019


    I’ve been having this issue on my customer support forums (bbPress). This took care of it!

    For .log file:

    log = text/plain

  7. Joy Chetry on October 24, 2018

    The #1 Method worked perfectly for me, I was trying to add .svg files. However, method #2 didn’t work for me like all this gentleman above.

  8. Leona on July 17, 2018

    WP Add Mime Types plugin allows me to upload various file types. Highly recommended.

  9. Chris on May 6, 2018

    Running 4.9.5 and tried Option 2 above define(‘ALLOW_UNFILTERED_UPLOADS’, true);
    Not working. Still get the error message.

  10. Eric on February 24, 2018

    I tried the hook and WP Add Mime Types, for WebP images.
    Indeed I had to use Chrome to log in the admin area, Firefox still refuses to implement WebP.
    Well, it just doesn’t work. The images are uploaded, but doesn’t show up. WordPress is like Mozilla, they refuse to embrace the future. What a shame.

  11. Christopher G Mendla on January 8, 2018

    Thanks – I took your first suggestion and added the WP Add Mime Types plugin. It worked great and allowed me to add the .au file I had to my post.

    I did have to reload the post I was editing for the changes to take but that was to be expected.

  12. PedroM on August 4, 2017

    Thank you very much, option 4 worked for me.
    Semper Fi

    • Antonie Potgieter on August 21, 2017

      You are welcome, I’m glad to hear it resolved your problem.

  13. No thanks on February 20, 2017

    I’m running 4.7.2 and this has not addressed the issue for .m4a files. Tested uploading a .m4a on a couple of sites.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Want More Content Like This?

Want More Content Like This?

Join our newsletter to get more content like this via email!

You'll receive a free, monthly email with a summary of very useful articles. No spam, just great content!

You have Successfully Subscribed!

Pin It on Pinterest