How to Fix “Sorry, this file type is not permitted for security reasons”

How to Fix “Sorry, this file type is not permitted for security reasons”

You may have experienced this frustration; you’re trying to upload a document to your WordPress library. Then a message flashes on the screen: “Sorry, this file type is not permitted for security reasons.”Luckily for you, there are multiple ways to resolve this problem and continue your work.

Keep reading in this article created by our team at wpDataTables, to discover why you’re getting this “Sorry, this file type is not permitted for security reasons” message and 5 methods on how to proceed. Then you will be able to go ahead and put your file on your WordPress website.

Why do I get the “Sorry, this file type is not permitted for security reasons” error?

There’s a simple reason you will get this error in WordPress: WordPress only accepts uploads of certain file types. The error shows up when you’re uploading a file type it doesn’t accept.

The reason it only accepts particular kinds of files is to stop people from putting up a potentially malicious executable file on their site.

Below you’ll find out the types of files (i.e. MIME types) that WordPress will accept. Uploading any other kind will result in the message, “Sorry, this file type is not permitted for security reasons.”

What exactly are MIME types?

MIME stands for Multipurpose Internet Mail Extensions. Also known as Media types, MIME types are used by browsers to figure out what kind of content is present on the webpage.

At a basic level, MIME types consist of a two-part naming convention which first specifies the file type (e.g. text or image) followed by the subtype (e.g. HTML or PNG, respectively). For example, text/html and image/png each represent a specific MIME type.

Thus, if you upload an MP3 file, the browser can tell through the MIME type that it’s an audio file and not a picture or other type of file.

According to the WordPress Codex, the file types you’re able to upload include:


  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico


  • .pdf
  • .doc, .docx
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd


  • .mp3
  • .m4a
  • .ogg
  • .wav


  • .mp4, .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

The file you want to upload may be missing from the above list. That’s when you will receive the error message, “Sorry, this file type is not permitted for security reasons.”

Alternatively, you may see a different message —”[filename] has failed to upload” or “the media you tried to upload was invalid”. This can be frustrating as it doesn’t even give you a reason.

For example, you may try to upload a .tff or .woff file. These are files associated with custom fonts.These won’t upload because they aren’t on the list of file types that are allowed. That’s when you’ll get the “Sorry, this file type is not permitted for security reasons.”WordPress message.

How do I resolve the “Sorry, this file type is not permitted for security reasons” WordPress error?

1. Change the WordPress Multisite Settings

With just one installation of WordPress, WordPress Multisite lets you make multiple websites. These site sare joined by a network and can be changed all at once.

This can come in handy for many people. For example, maybe you have a chain of stores and you want a site for each location.Updating these sites simultaneously will save you a lot of time.

WordPress Multisite also lets you upload files you can’t usually upload to WordPress.

Simply click the following:

  • Network Administration Area
  • Settings
  • Upload Settings

Then you can just add the file type you need. If you’re adding multiple types, put a space between with no comma.

2. Install a plugin that enables extra MIME types

If you want a quick and easy solution to this error, you have the option to install a MIME plugin designed to let you upload unpermitted file types.

Some plugins that will do the trick:

WP AddMime Types

Mime Types Plus

Unsafe Mime Types

Pro Mime Types

Mime Types Extended

3. Edit your wp-config.phpfile to allow unfiltered uploads

There’s a function you are able to activate in WordPress called ALLOW_UNFILTERED_UPLOADS. This can be activated in your site’s wp-config.php file. Then in the Media Library of your WordPress site,you’ll be able to upload any kind of file.


  • Make a backup copy of your site first, just in case
  • Open up yourwp-config.php file
  • Add the below code:
  • This can be done anywhere before this line
 - /* That's all, stop editing! Happy blogging. */

A note of caution — adding this function to your site will prevent all file type upload checks from taking place, leaving your website vulnerable to potentially malicious uploads. If you go this route, it is highly recommended to remove the function once you have uploaded your non-standard files.

4. Change the functions.php file of your theme

Changing your theme’s functions.php to allow custom MIME types can be a simple resolution, avoiding the need to play around in the wp-config.php file. Change which file types WordPress accepts by utilizing the upload_mimes filter.

Here are the steps:

  • Using a file manager or FTP client, find the installation directory for WordPress (often public_html)
  • Clickwp-content
  • Click themes
  • Click the folder of the theme you’re using
  • Find and access the functions.php file
  • Add the following:
function my_custom_mime_types( $mimes ) {

// Add new MIME types here

$mimes['abiword'] = 'application/x-abiword';

return $mimes;


add_filter( 'upload_mimes', 'my_custom_mime_types' );
  • Save your changes!

You can remove or add any MIME types necessary to the $mimes array. Remember to add the extensions associated with these as well.

This method lets you define exactly which kind of MIME types you allow. This means types you don’t specify still won’t be allowed. This greater control minimizes the risk associated with allowing all file types.

5. Get in touch with your hosting provider

You may still be getting the “Sorry, this file type is not permitted for security reasons” error after trying all 4 tips above. In this rare case, perhaps you should contact your hosting provider. They may be able to offer further advice or resolve the issue for you.

Hosting providers sometimes limit the upload of file types for security reasons. If that’s what’s stopping your upload, they’ll be able to help.

FAQ on “Sorry, this file type is not permitted for security reasons”

Why do platforms restrict certain file uploads?

Ah, the age-old question. Websites and platforms are super concerned about keeping their systems and users safe. Cybersecurity is the name of the game.

If they just let any ol’ file type roll in, they risk introducing malware or other malicious code. It’s like leaving your front door open in a sketchy neighborhood – not the brightest idea.

What’s with the “file type not permitted” message?

You know when you’re trying to upload something and bam, you get hit with this? It’s basically the website’s way of saying, “Hey, that thing you’re trying to give us? It’s on our no-fly list.” Often it’s due to security measures they’ve put in place to fend off any dangerous files.

Which file types are usually considered unsafe?

Oh man, there’s a bunch. But often, it’s executable files, scripts, or ones that can carry and execute malicious code. This includes extensions like .exe, .bat, .php, .js, and the like. They’re the sneaky culprits that could compromise a system, leading to a data breach or other unpleasantness.

How can I find out which file types are allowed?

Alright, here’s a little tip. Most platforms or websites that have file upload options will list out the allowed file types somewhere – maybe in their FAQs, under “upload guidelines”, or next to the upload button. It’s like reading the dress code before going to a swanky party.

Are these restrictions really just about security?

Well, mostly, yes. Safety protocol is the main driving force. But sometimes it’s also about functionality. For instance, an image hosting site might not want a word doc. But yes, keeping malicious code and malware out is the top priority.

Can these file restrictions be bypassed?

Look, I won’t endorse doing sneaky stuff, but some folks try changing the file extension or zipping the files. However, sophisticated systems can often detect and block these tricks. It’s a cat and mouse game with cybersecurity. Always better to play by the rules, right?

What if I need to upload a restricted file for a legitimate reason?

Been there! If it’s for work or something official, best to reach out to the site or platform admins. They can often provide alternate solutions or even temporarily whitelist certain file types. Communication is key here.

How do I protect my own site from unsafe file uploads?

Great question! Implement security measures like file type validation, and maybe use a firewall. Keeping tabs on allowed file types and having a solid content security policy can work wonders. Regularly updating and patching your site helps too. Being proactive is half the battle.

Could my file be flagged even if it’s safe?

Yeah, this can happen. False positives, right? Maybe your PDF got some script or content that’s ringing alarm bells, even if it’s harmless. If you know it’s all good, touch base with the platform. A little risk assessment on their end might clear things up.

Why not just scan files for malware instead of restricting types?

I get this one a lot. Scanning is good and should be done, but it’s not foolproof. Some malicious code can slip through, especially with new threats popping up daily. Think of restricting file types as an extra layer in the cybersecurity onion. And who doesn’t like onions? Well, unless you’re making a fruit salad.

Ending thoughts on “Sorry, this file type is not permitted for security reasons”

When you’re on a roll working on your WordPress site, it can be frustrating to be stopped by an error message like “Sorry, this file type is not permitted for security reasons.”In some cases, it can be even more time consuming to fix errors than whatever you were trying to do in the first place.

It’s important to remember that there are many solutions you can try. The error happens because WordPress only allows certain file types to avoid risk for your site. Therefore, it is always recommended to only allow the specific file types that you need rather than disable the restrictions completely.

If you enjoyed reading this article on how to fix “sorry, this file type is not permitted for security reasons”, you should check out this one about WordPress plugin update failed.

We also wrote about a few related subjects like how to fix the site is experiencing technical difficulties, how to fix installation failed, could not create directory,  WordPress links not working, how to fix “your connection is not private” and the link you followed has expired.

Up Next:

How to Add Google Analytics to WordPress in 4 Steps

How to Add Google Analytics to WordPress in 4 Steps