Are you trying to upload a file to your WordPress Media Library and getting an error message saying, “Sorry, this file type is not permitted for security reasons” and/or “[filename] has failed to upload”?
This error occurs because the file type you are trying to upload is not in the list of default file types supported by WordPress. Fortunately, there are several ways to authorize additional file types to upload in WordPress.
In this article, we will show you how to fix the “Sorry, this file type is not permitted for security reasons” error in WordPress.
Understanding the “Sorry, This File Type Is Not Permitted for Security Reasons” Error
By default, WordPress has restrictions on the type of files you can upload. It is to prevent users from uploading executable or unknown files that can make your site vulnerable.
WordPress supports uploading the following file types. If you try to upload any other file types, you get the error message, “Sorry, this file type is not permitted for security reasons.”
Supported File Types
Category | File Extensions |
Images | .jpg .jpeg .png .gif .ico |
Document | .doc, .docx .ppt, .pptx, .pps, .ppsx .odt .xls, .xlsx .psd |
Audio | .mp3 .m4a .ogg .wav |
Video | .mp4, .m4v .mov .wmv .avi .mpg .ogv .3gp .3g2 |
How to Fix the “Sorry, This File Type Is Not Permitted for Security Reasons” Error
When it comes to this particular error, you have various solutions to fix it, but we recommend adding a small code snippet to your wp-config.php file or using a WordPress plugin. Follow either one solution (1 or 2) to enable new file types.
Tip
We recommend you backup your application before going further to have a good restore point if something goes wrong during the process.
1. Edit Your wp-config.php File to Upload New File Types
If you want to allow all file types to be uploaded to your site, you need to add a single line of code to your wp-config.php file. This file contains information about your site’s database. Please use this solution with extra care as nothing can prevent you or users from accidentally (or purposefully) uploading malicious files to your site.
First, connect to your server remotely using SSH and access the wp-config.php file available in the application’s webroot (public_html directory).
Next, you can add the following code snippet to the file, above the line reading “/* That’s all, stop editing. Happy blogging. */”:
define('ALLOW_UNFILTERED_UPLOADS', true);
Save your changes and sign back into your WordPress admin panel. You should be able to upload any file type.
2. Install the Free WP Extra File Types Plugin
Several WordPress plugins enable you to upload prohibited file types; therefore, you can use a plugin if you don’t wish to edit your wp-config.php file.
Important
Please be cautious when using third-party plugins, as they may affect your site’s functionality.
We’ll use the free WP Extra File Types plugin available in the WordPress repository.
2. After installing and activating the plugin, visit Settings > Extra File Types in your WordPress admin panel.
3. Select the files you want to allow for upload.
4. Finally, click Save Changes.
You can also add your custom file types using the option available at the bottom of the page.
Configure WordPress Multisite Settings
If you are running a WordPress multisite, you can easily add more allowed file types from Network settings; no plugins or coding required!
From your WordPress admin panel, navigate to Settings.
Next, click Network Settings.
3. Scroll down to Upload Settings and navigate to Upload File Types to add the file extensions you want to upload.
4. Finally, click Save Changes.
That’s it! We hope this article was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.