Have you ever tried uploading a file to the WordPress media library and ended up running across the “This file type is not permitted for security reasons” error message?
If yes, not panic, since it’s one of the most common WordPress errors. As the error indicates, WordPress sets restrictions on several types of files for security reasons.
There are several ways to fix that error. In this article, we’ll uncover the main cause as well as presenting 4 simple ways to resolve it.
By the end of this article, you’ll learn:
- What Causes the “This file type is not permitted for security reasons” Error?
- #1. Check Your File Type Extension
- #2. Change WordPress Multisite Settings
- #3. Edit Your wp-config.php File
- #4. Using File Upload Plugins
- Bonus: Tools to Protect Uploaded Files
What Causes the “This file type is not permitted for security reasons” Error?
Due to security reasons, WordPress limits several particular file types that you can upload through your site’s admin. The error “This file type is not permitted for security reasons” will show up if you try to add the prohibited file types.
So which file types that WordPress supports and which doesn’t?
WordPress allows all common images, videos, audio formats, and documents. By default, the file types that you can upload are:
- Images: .jpg, .jpeg, .png, .gif, .ico.
- Videos: .mp4, .m4v, .mov, .wmv, .avi, .mpg,.ogv, .3gp, .3g2.
- Documents: .pdf, .doc, .ppt, .pptx, .pps, .ppsx, .odt, .xls, .xlsx,.psd.
- Audios: .mp3, .m4a, .ogg, .wav
As such, any file format not included in this list, i.e, .exe, or .xlsx, .xml will cause the error.
Digging deeper into the security reasons, the limitation on specific file types helps prevent file uploading vulnerabilities. Hackers can take advantage of these vulnerabilities to get access to your site, spread malware, and attack your server.
In general, this error serves as a shield to protect your site. However, in terms of user experience, it may interrupt user flow. To avoid this scenario, you need to come up with a resolution. In the next section, we’ll introduce 4 simple yet effective methods to help you sweep it away.
#1. Check Your File Type Extensions
Before messing around with WordPress settings and the wp-configure.php file, we recommend you first check the file extension to ensure it’s correct. And if not, fix the file type extension spelling. This is because you may delete or change the extension by accident when saving the file.
To check your file type format on Windows 10, open the folder that accommodates your file, click on the “View” tab then check the “File name extensions” box. (image 1)
This will bring up the type extensions of all the files on your computer. (image 2)
For Mac users, you can find file extensions by opening the Finder app and going to Finder > Preferences. A popup appears allowing you to select “Advanced” and check the “Show all filename extensions” box.
If the extension is incorrect, simply right-click and choose the ‘Rename’ option to fix it. This lets you change the file name and fill in the correct extension.
#2. Change WordPress Multisite Settings
This method only works for a WordPress site running a multisite installation. Unlike the single-site installation, the multisite one lets you accept more uploaded file types.
In your dashboard, head over to Settings > Network Settings and scroll down to “Upload Settings.”
In the “Upload file types” option, input the file type extensions that you wish to give the upload permission.
Once you save your changes, all the file types listed here can now be acceptably uploaded to any sites in your network.
Note: The settings of a single-site WordPress installation don’t include this option.
#3. Edit Your wp-config.php File
As you may not know, adding a line of code to your wp-config.php file enables you to define the allowed types of file uploads. In other words, the “This file type is not permitted for security reasons” error will no longer appear.
Before editing your wp-config.php file, remember to always back up your site as a small coding error can lead to your site broken.
Once you’re ready, follow this guide to permit any file type upload:
- Access your File Manager via your hosting control panel.
- Locate the wp-config.php file in the root folder.
- Right-click then choose “Edit” to edit the file.
4. Scroll down to the line that reads /* That’s all, stop editing! Happy blogging. */ and paste the following code snippet above it:
define(‘ALLOW_UNFILTERED_UPLOADS’, true);
5. Save your changes and login to your WordPress dashboard. You now should be able to upload any file types.
#4. Using File Upload Plugins
If you’re not so confident in dealing with code, opting for a safe option, such as installing a WordPress file upload plugin is always a smart idea.
Gaining thousands of active installations in the WordPress plugin directory, File Upload Types by WP Forms is recognized as one of the most efficient solutions for the “This file type is not permitted for security reasons” error. This free and beginner-friendly plugin can solve this tricky task as quick as a wink due to its ability to upload any file extension, including custom file types.
File Upload Type by WP Forms doesn’t limit you on the ranges of file extensions. You can freely upload any file formats that exist, including these WordPress restricted ones, such as .ai, .zip, .xml, .svg, .csv, .mobi, etc. and custom file types.
Check out the process of uploading additional file types to WordPress using the File Upload Types by WP Forms here!
Bonus: Tools to Protect Your Uploaded Files
Apart from controlling the permitted types of file uploads, it’s necessary to give your WordPress files proper protection, files serving commercial purposes in particular. Considering the more the Internet has developed, the more rampant piracy arises.
Among hundreds of tools that claim to secure WordPress media files, Prevent Direct Access (PDA) Gold outshines the others thanks to its extensive capabilities.
This user-friendly plugin enables you to protect unlimited WordPress files and all types of files. It works out of the box to block Google, other search engines, and unwanted users from indexing and stealing your valuable assets, including images, videos, ebooks, and documents.
What’s more, PDA Gold guarantees to secure your WordPress upload directory as well. No one will be able to sneak in and browse the content in your wp-content/uploads folder anymore.
Fix the Error and Protect Your File Uploads Now
We have discussed some main causes of the “This file type is not permitted for security reasons” error as well as introducing the 4 reliable methods to handle it.
You can choose to either check your file type extension, edit your wp-config.php file, change WordPress multisite settings or install file upload plugins.
Although the “This file type is not permitted for security reasons” error doesn’t lead to any serious damage to your site, it can frustrate and drive your users away, especially when you ask them to upload files via the contact form.
Making use of the 4 methods presented above to fix the error, as well as considering using PDA Gold to protect your file uploads without affecting site security.
Do you still have questions about this error? Let us know in the comments section below!