How to Fix “Sorry, this file type is not permitted for security reasons”
This error occurred in our WordPress Newsletter plugin and our users started reporting it so we had to resolve the problem. We released version 4.6.5.2 of our Newsletter plugin in the meanwhile which has a workaround included for the error. So if the issue is in our plugin, please update it else continue reading if you are experiencing the problem/error in a different area.
UPDATE: There is currently a known issue with the allowed mime types in WordPress 4.7.1 and a bug has been logged for this. It seems like WordPress 4.7.2 will be released shortly to address the problem but in the meanwhile, use #2 in this article or the Disable Real Mime Check plugin.
WordPress filters the file types which users can upload through the media uploader and other areas of the dashboard. See the Uploading Files documentation in the WordPress for more information on which files are allowed.
If you try to upload a file which is not allowed, you will be presented with a “Sorry, this file type is not permitted for security reasons” error message but this error can be fixed easily if you have to upload a specific file which is not allowed.
How to Fix the File Type is Not Permitted Error
Here are several ways to fix the “Sorry, this file type is not permitted for security reasons” error message in WordPress. Pick one of the options below which suits you best to resolve the problem:
1. Using a WordPress Plugin
There are several WordPress plugins which you can simply install to fix the problem. Each plugin has it’s own configuration or settings though some of them do it the same way using the upload_mimes
filter hook as mentioned in #3 below. Here are some plugins you can use:
2. Add ALLOW_UNFILTERED_UPLOADS constant to wp-config.php
Open the wp-config.php
file of your WordPress installation and above the line where it says /* That's all, stop editing! Happy blogging. */
add the following code anywhere:
define('ALLOW_UNFILTERED_UPLOADS', true);
(https://gist.github.com/tribulant/a7c484050cb6eed05ba71372a8a083c5)
For easy editing of the wp-config.php
file, there is also a useful WordPress plugin you can use called WP Config File Editor. Please be careful when you use this plugin especially when you edit in raw mode that you don’t break anything in the file. I also recommend that you deactivate and delete the plugin when you are done so that it doesn’t stay there in your WordPress dashboard, it could pose a security risk.
3. Using the upload_mimes WordPress filter hook
With this option, you’ll write your own code to hook to the upload_mimes
filter of WordPress and add your mime type accordingly.
First, you’ll need to check what the extension of your file is eg. csv
and then you need to check what the mime type of that file extension is specifically. Here is a complete MIME Types List which is useful or you can Google it accordingly. For csv for example, it is text/csv
The code you’re going to write can be placed in various places but best is to just add it to the functions.php
file of your WordPress theme. So go ahead and open the functions.php
file of your WordPress theme and at the very top, add this following code:
// Add this to the functions.php file of your WordPress theme
// It filters the mime types using the upload_mimes filter hook
// Add as many keys/values to the $mimes Array as needed
function my_custom_upload_mimes($mimes = array()) {
// Add a key and value for the CSV file type
$mimes['csv'] = "text/csv";
return $mimes;
}
add_action('upload_mimes', 'my_custom_upload_mimes');
(https://gist.github.com/tribulant/a33b9c56ececec572cdaa1298d2a056c)
In the code, change the value csv
to the extension of your file and the value inside the quotes to the mime type of that extension accordingly.
4. Multi-Site Upload Files Setting
Only use this option if you are running a WordPress multi-site network installation.
Go to Network Admin Area > Settings > Upload Settings in your WordPress multi-site network panel. There is a setting called “Upload File Types” where you can add more file extensions which should be allowed on all blogs/sites on the multi-site network.
5. Ask your Hosting Provider
If you are still stuck and cannot resolve the problem, contact your hosting provider and ask them to assist you.
We provide very good WordPress hosting if you need a good host with reliable, secure servers, and great support.
We at Tribulant Software have a great passion for WordPress, development, blogging and the Internet in general. Building useful plugins to improve WordPress’ functionality is our goal.
WordPress Plugins
Start selling products, sending newsletters, publishing ads, and more through your own WordPress website using our premium WordPress plugins.
Thank you very much. I took the first suggestion and the problem resolved. You saved my day!
Thanks it’s help a lot
Is safe using define(‘ALLOW_UNFILTERED_UPLOADS’, true); ? I think with that we can upload php script that also can harm our site
Thanks a lot
Perfectly!!!
Thanks a lot!
define(‘ALLOW_UNFILTERED_UPLOADS’, true);
Too easy. Thanks.
Thanks!
I’ve been having this issue on my customer support forums (bbPress). This took care of it!
For .log file:
log = text/plain
The #1 Method worked perfectly for me, I was trying to add .svg files. However, method #2 didn’t work for me like all this gentleman above.
WP Add Mime Types plugin allows me to upload various file types. Highly recommended.
Running 4.9.5 and tried Option 2 above define(‘ALLOW_UNFILTERED_UPLOADS’, true);
Not working. Still get the error message.
I tried the hook and WP Add Mime Types, for WebP images.
Indeed I had to use Chrome to log in the admin area, Firefox still refuses to implement WebP.
Well, it just doesn’t work. The images are uploaded, but doesn’t show up. WordPress is like Mozilla, they refuse to embrace the future. What a shame.
Thanks – I took your first suggestion and added the WP Add Mime Types plugin. It worked great and allowed me to add the .au file I had to my post.
I did have to reload the post I was editing for the changes to take but that was to be expected.
Thank you very much, option 4 worked for me.
Semper Fi
You are welcome, I’m glad to hear it resolved your problem.
I’m running 4.7.2 and this has not addressed the issue for .m4a files. Tested uploading a .m4a on a couple of sites.
For the issue created in WordPress 4.7.1, please use #2 in the article on the Disable Real Mime Check plugin to solve the problem: https://wordpress.org/plugins/disable-real-mime-check/