As we explained above, WordPress’ default configuration limits the types of files that you can upload to your site for security reasons.
The “Sorry, This File Type Is Not Permitted for Security Reasons” Error Message in WordPress:
You get the “Sorry, This File Type Is Not Permitted for Security Reasons” error message when you try to upload a file type that’s not supported in WordPress by default.
WordPress limits the file types you can upload through your site’s admin — images, videos, documents, audio — for security reasons.
Support
By default, the file types that you can upload are:
Images:
- .jpg
- .jpeg
- .png
- .gif
- .ico
(Suggested reading: JPG vs JPEG: Understanding the Most Common Image File Format)
Videos:
- .mp4
- .m4v
- .mov
- .wmv
- .avi
- .mpg
- .ogv
- .3gp
- .3g2
Documents:
- .doc
- .ppt, .pptx, .pps, .ppsx
- .odt
- .xls, .xlsx
- .psd
Audio:
- .mp3
- .m4a
- .ogg
- .wav
If you’re trying to upload a file type that’s not on the list above, you’re likely going to run into the “Sorry, this file type is not permitted for security reasons” error. Or, you’ll also see it as “[filename] has failed to upload”.Are you trying to upload a file on WordPress and keep getting the ‘Sorry, This File Type Is Not Permitted for Security Reasons’ error? Learn how to fix it! 🛠️CLICK TO TWEET
For example, if you’re trying to use your own custom fonts on your WordPress site, you might be trying to upload a custom font file to WordPress in the .tff and/or .woff formats. Because those formats are not allowed by default, WordPress will show you the “Sorry, this file type is not permitted for security reasons” error instead of letting you upload them.
Here’s an example where we tried to upload a .woff file to our test site:
How to Fix the “Sorry, this file type is not permitted for security reasons” Error in WordPress
Below, we’ll show you two ways how to fix the “Sorry, this file type is not permitted for security reasons” error in WordPress:
- By editing your site’s wp-config.php file
- By using a free WordPress plugin
1. Add New Permitted File Types Using wp-config.php
WordPress includes an ALLOW_UNFILTERED_UPLOADS option that you can enable in your site’s wp-config.php file. Once enabled, you’ll be able to upload any file type to your WordPress Media Library.
Here’s how to set it up – but first, because you’ll be editing your wp-config.php file, we’d recommend backing up your site before proceeding.
To get started, connect to your WordPress site via FTP/SFTP. Your site’s wp-config.php file is located in the root folder, which is the same folder that has the wp-admin and wp-includes folders.
Right-click to edit the file, or download it to your computer:
Then, while editing the wp-config.php file, add the following code snippet above the /* That’s all, stop editing! Happy blogging. */ line:
define('ALLOW_UNFILTERED_UPLOADS', true);
Make sure to save your changes and re-upload the file if needed.
To finish the process, you’ll need to go to your WordPress dashboard and log out of your WordPress account. Then, you can immediately log back in.
After you’ve logged out/in, you should be able to upload any file without triggering the error message:
Unlock 4 Months of Free Hosting
Ready to handle traffic spikes this holiday season? Get started with 4 free months of fast, secure, and scalable WordPress Hosting!
2. Use the Free WP Extra File Types Plugin
If you’d prefer not to edit your wp-config.php file and/or you want more control over exactly which file types can be uploaded to your site, you can use the free WP Extra File Types plugin at WordPress.org
Once you install and activate the plugin, go to Settings → Extra File Types in your WordPress dashboard.
There, you’ll see a lengthy list of file types. Check the box next to the file type(s) that you want to be able to upload and then click Save Changes at the bottom:
If you don’t see the file type that you’d like to upload on the list, you can also add your own custom file types at the bottom of the plugin’s settings list:
Alternative Plugins
In some instances, there may be better alternative plugins to enable specific file types. For example, in our tutorial on how to enable SVGs in WordPress, we recommend the free Safe SVG plugin. This not only enables the SVG filetype in the WordPress media library, it also sanitizes them upon upload.
Summary
By default, WordPress limits the file types that you can upload to your site for security reasons. If you try to upload a file type outside this list of default file types, you’ll see the “Sorry, this file type is not permitted for security reasons.” message.
One way to fix the issue is to edit your wp-config.php file and add the ALLOW_UNFILTERED_UPLOADS code snippet to allow unfiltered uploads. Or, you can also use the free WP Extra File Types plugin to control allowed file types from your WordPress dashboard.
Finally, if, after allowing new file types, you still can’t upload your file because of its size, you might want to check out our additional guides on:
- How to Increase the WordPress Maximum Upload File Size
- How to Fix the uploaded file exceeds the upload_max_filesize directive in php.ini Error
And don’t forget, you could also upload the file via SFTP if needed.