Fix File Type is Not Permitted for Security Reasons in WordPress

A file type is an identification of different types of file. It is the name given to different kinds of files. Adobe Photoshop file and Microsoft Excel file are two different types of files and hence have different file types. The terms “file type” and “file format” are often used interchangeably. However, a file format mainly defines the structure and content of a file. For example, when an image file is saved using JPEG compression, the file format may be defined as a “JPEG image file.” This article show steps to fix file type is not permitted for security reasons in WordPress.

Each file type has one or more corresponding file extensions. Most file extensions consist of three characters.  For example, .JPG , .JPEG , .png, .gif are extensions of different file types of image. The file extensions are added at the end of each filename and it provide a simple way of identifying the file type of each file.

Default list of files types allowed by WordPress

For security reasons, the default installation of WordPress only allows the upload of a list of commonly accepted and safer formats. It provides a kind of restriction to various file formats and this security feature is commonly known as ‘filtered upload’. You can upload commonly used image formats, audio/video, and documents using the default Media Uploader. Here are the current file formats you are allowed to upload.


  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico


  • pdf (Portable Document Format; Adobe Acrobat)
  • doc, .docx (Microsoft Word Document)
  • key (Apple Keynote Presentation)
  • ppt, .pptx, .pps, .ppsx (Microsoft PowerPoint Presentation)
  • odt (OpenDocument Text Document)
  • xls, .xlsx (Microsoft Excel Document)
  • zip, if you have the Premium or Business plan


  • .mp3
  • .m4a
  • .ogg
  • .wav


  • .mp4, .m4v (MPEG-4)
  • .mov (QuickTime)
  • .wmv (Windows Media Video)
  • .avi
  • .mpg
  • .ogv (Ogg)
  • .3gp (3GPP)
  • .3g2 (3GPP2)

If you want to know about how to upload file WordPress codex has a guide on uploading file.

Fix File Type is Not Permitted for Security Reasons in WordPress

If you try to upload any other file type you will get security warning Sorry, this file type is not permitted for security reasons.

Fix File Type is Not Permitted for Security Reasons in WordPress

If you’d like to add or remove a specific file type and allow it to be uploaded to WordPress, you can easily do it in two ways:

Editing the configuration file

wp-config file is the main configuration file of WordPress. This is a highly sensitive file since the important configurations are stored here. You can completely remove the file upload filter property and allow any file type to be uploaded to WordPress.

The only way to reach wp-config.php file is through the files where WordPress are installed. Find wp-config.php file in the parent directory of WordPress installation folder and copy and paste the following codes:


Now you can upload any kind of file to WordPress. We don’t recommend this method since any error in wp-config file can crash your WordPress. Also removing the filter in file upload feature can cause massive security threats.

Also Read:   How to Add Scripts and Styles in WordPress?

Adding custom WordPress hook

This method includes adding an extra bit of code in function.php file. This is a much controlled and safer way of allowing uploading of different file types. You can add or remove the file types from the list of file types WordPress permits. The method keeps ‘filtered upload‘ feature alive and WordPress will still block the unrecognized file type uploads.

Steps to remove file type restrictions from WordPress using function.php file

1. First you need to login to your dashboard.
2. Then go to Appearance > Editor.
3. On the right side among the list of template files, find Theme Functions (functions.php).
Fix File Type is Not Permitted for Security Reasons in WordPress

4. For giving the permission to upload a single specific file type you can add the following code in the php

function file_type_allow($mime_type_to_allow){
    $mime_type_to_allow['svg'] = 'image/svg+xml'; //Adding svg extension
    return $mime_type_to_allow;
add_filter('upload_mimes', 'file_type_allow', 1, 1);

5. You can also add multiple file types in the same code like this:

function file_type_allow($mimes_to_allow){
 $mimes_to_allow['mp4'] = 'video/x-mp4';
 $mimes_to_allow['swf'] = 'video/x-swf';
 $mimes_to_allow['flv'] = 'video/x-flv';
 $mimes_to_allow['mid'] = 'audio/midi';
$mime_to_allow['svg'] = 'image/svg+xml';
 return $mimes_to_allow;
add_filter('upload_mimes', 'file_type_allow', 1, 1);

6. Finally save the file and try uploading the file type you want to upload.

If you have followed these steps correctly, you should be able to upload any file type of your choice.

Fix File Type is Not Permitted for Security Reasons in WordPress

In this way, you can fix error file type is not permitted for security reasons in WordPress.

The following two tabs change content below.

Kantiman Bajracharya

Kantiman Bajracharya is a freelance web developer. He is a computer geek who has a Bachelor’s degree in Computer Engineering. He has earned lots of satisfied customers while working for numerous successful projects. He is also a WordPress theme creator and web article writer. On free time he likes reading philosophy books, traveling and playing chess.

Share This Post