Lastly, if you’ve tried to upload a file to your media library and received the “Sorry, this file type is not permitted for security reasons” error, you may feel stumped as to how to proceed. Fortunately, there are several ways to fix the error and get things back to normal. In this article, we’ll explain why the “Sorry, this file type is not permitted for security reasons” error exists in WordPress. Then, we’ll show you ways to solve the error and upload any file to your WordPress site.
The WordPress shows this error “Sorry, this file type is not permitted for security reasons” when you try to upload files to your website through the admin dashboard. The users are only allowed to upload certain file types to WordPress websites for security reasons. This is to prevent users from uploading executable files to their websites. WordPress allows users to upload only the following file types. If you try to upload any other file types then you get the error message “Sorry, this file type is not permitted for security reasons”.
File Not Permitted Fix Using WordPress Plugins
There are several plugins capable of enabling you to upload prohibited file types, such as File Manager and Enhanced Media Library. These plugins have settings to enable you to add permitted Multipurpose Internet Mail Extensions (MIME) types for upload to WordPress.
A MIME type describes the content a file contains and tells your browser how to display it correctly. For example, the file extension .jpg corresponds with the MIME type image/jpeg, and displays as an image in web browsers. We’ll use the Enhanced Media Library plugin to add new permitted MIME types for upload. You can quickly install and activate the plugin within the Plugins area of WordPress: With the plugin activated, we’ll go to our settings and see that there are a MIME Types > Media option:
There are two ways to permit uploads for a specific MIME type. The first is to simply select the box corresponding to the desired MIME type in the Allow Upload column. However, if your desired type is not listed, you’ll have to select Add New MIME Type at the top of the page.
This will add a new row where you can enter the extension, MIME type, and labels. Next, select the Allow Upload box for the new MIME type. If you ever change your mind, you can remove entries by using the button at the end of each row, or select Restore WordPress default MIME Types for the original settings.
If you want to allow all file types for upload, you can do so by editing wp-config.php – the file that contains information pertaining to your site’s database. Once again, you’ll want to back up your site in case something goes wrong when you’re editing. Then you’ll access wp-config.php using FTP as we described in the previous method. The file should be located in the root directory of your website. Select View/Edit to open the text editor. You can add the following code to the file, anywhere above the line reading “/* That’s all, stop editing. Happy blogging. */”:
To end with, Save your changes when you’ve finished editing. Note that doing this means nothing will prevent you or users from accidentally (or purposefully) uploading malicious files to your site, so it may be wise to try other options before resorting to this one.
You can fix this security issue very easily if you are using WordPress Multisite. You can add the file type that you want to upload in the “Upload file types“. Option in WordPress Multisite settings in the network admin area. Please navigate to Network Admin Area > Settings > Upload Settings and add the necessary file types into it. Ensure that the file types are separated with space, not by a comma.