Fixing "sorry, this file type is not permitted for security reasons"
parallax background

Fixing “sorry, this file type is not permitted for security reasons”

Top Examples of Fitness Landing Pages
April 18, 2025
Awesome VR Website Design Examples
April 19, 2025
Top Examples of Fitness Landing Pages
April 18, 2025
Awesome VR Website Design Examples
April 19, 2025
 

Frustrated by that annoying "sorry, this file type is not permitted for security reasons" message when trying to upload content to your website? You're not alone. This error appears when your content management system blocks file uploads due to web security measures designed to prevent malicious file uploads.

Running into file upload issues can completely halt your workflow, especially when dealing with important documents, images, or media files. The good news? Several straightforward solutions exist to bypass these upload security restrictions.

In this guide, you'll learn practical methods to fix file type validation failures across popular platforms like WordPress, Joomla, and Drupal. We'll cover several approaches including:

  • Modifying your .htaccess configuration
  • Adjusting PHP security filters in your php.ini file
  • Working with MIME type verification
  • Troubleshooting security plugin conflicts

Whether you're facing upload validation issues with PDF files, images, or other content, these techniques will help you overcome file extension blocking while maintaining proper site hardening practices.

What does it mean that this file is not permitted for security reasons?

 

You may have experienced this type of obstacle when trying to upload a video on YouTube. The server has rejected the file mp4, for example. Or, The media you tried to upload was invalid.

or DIVI import not working. These messages are quite common but do cause frustration.

However, WordPress does have a sound reason to stop you in your tracks. The security they refer to is YOUR security, or that of your WordPress website. WordPress doesn’t recognize the file type, it’s not in their safe-list or not supported in WordPress by default. So WordPress tries to protect you.

You can surpass the “Sorry, this file type is not permitted for security reasons” obstacle.

 

This is how to bypass the WordPress media library line of defense

It is not advisable to attempt to solve this yourself because you will likely harm your WordPress website by creating an extra security risk. You may cause permanent damage to your website or provide a pathway for hackers. This is why the Sorry, this file type is not permitted for security reasons-error was created in the first place.

You won’t encounter any problem uploading a file with any of the common extensions: .jpg, .jpeg, .png, .gif, .icofor images. .mp4, .m4v, .mov, .wmv, .avi, .mpg, and so on, for videos..mp3, .mp4a, .ogg, .wav for audio. Nor will .pdf, .doc, .xls, cause any problems.

These are accepted by default and would never be on the list of forbidden MIME(Multipurpose Internet Mail Extensions).

However your custom fonts with extensions such as: .tff and .woff will raise the Sorry, this file type is not permitted for security reasons wall without exception.

The 6 solutions for your problem:

  • Install WordPress multisite
  • Install a WordPress plugin
  • Edit the wp-config.php file
  • Edit the theme’s functions.php File
  • Use the upload_mimes WordPress filter hook
  • Contact your hosting provider (Read HELP!)

The 6 solutions under the microscope

Install WordPress multisite

 

Install WordPress Multisite whether you need multiple websites for your business or not. Once this is done, you can upload files that are blocked on a single-site.

You can access the setting you will need via the Network Admin Dashboard:

  • Click on Network Settings
  • Add the extensions to the Upload File Types Setting
  • Save the changes and you will have an updated list of permitted file types for every site in your network.
  • This solves the problem for you and the users of your original WordPress site.

Install a WordPress plugin

Installing a MIME plugin is even faster as well as giving you more control. The purpose of this plugin is to allow you to upload file types that normally get Sorry, this file type is not permitted for security reasons. You can update extensive lists by adding your custom file types to gain this control.

There are several MIME plugins available. Click on the link of your choice:

WP Add Mime Types

 

The plugin additionally allows the mime types and file extensions to WordPress. In other words, your WordPress site can upload various file extensions.

 

Add the mime type that can be used in the media library to each file type.

 

WP Extra File Types

 

This plugin let you add file types to the default list of file extensions supported by the Media Library upload procedure.

Edit the wp-config.php file

 

Make a back-up of your website first because changing a configuration can cause things to go wrong. After uploading your file(s) you’d be wise to reverse the changes you made to the configuration. This will keep your website secure!

Step by step

 

1. Via an FTP client (or File Manager) enter your installation directory(in most cases, it’s public_html)

2. Type or paste:

define(‘ALLOW_UNFILTERED_UPLOADS’, true);

in the wp-config.php file. This above the line ‘That’s all, stop editing! Happy publishing.’

3. SAVE your changes

4. Log out of your WordPress account via your WordPress dashboard and log in again.

Now you can upload any file you want. WordPress Media Library will accept all your file types. You will not encounter Sorry, this file type is not permitted for security reasons.

Edit the theme’s functions.php file

 

Make a backup of your site and go to your functions.php file using an FTP client:

1. Access your WordPress installation directory (in most cases, it’s public_html) via an FTP client or File Manager.

2. Navigate to wp-content -> themes -> current theme’s folder

3. Open the functions.php file

4. Type:

function my_custom_mime_types( $mimes ) {

// Add new MIME types here

$mimes['abiword'] = 'application/x-abiword';

return $mimes;

}

add_filter( 'upload_mimes', 'my_custom_mime_types' );

5. As always SAFE your changes

By adding the upload_mimes filter to functions.php, the behaviors of your WordPress site will change. It will be no problem to upload a before prohibited file type.

Use the upload_mimes WordPress filter hook

Open the functions.php file of your WordPress theme.

At the top of the file type this code:

// Add this to the functions.php file of your WordPress theme
// It filters the mime types using the upload_mimes filter hook
// Add as many keys/values to the $mimes Array as needed

function my_custom_upload_mimes($mimes = array()) {

// Add a key and value for the CSV file type
$mimes['csv'] = "text/csv";

return $mimes;
}

add_action('upload_mimes', 'my_custom_upload_mimes');

$mimes['csv'] = "text/csv" is for a file with csv as extension. The mime type for csv is text/csv. 

Contact your hosting provider

 

As a last resort you can have your IT team contact your hosting provider. If your hosting provider restricts what they see as unsafe file types they can reverse this situation.

FAQ on How To Fix This Error

What causes the "file type not permitted" error?

This error appears when your CMS security settings or web application firewall blocks files it considers potentially harmful. WordPress, Joomla, and other platforms use file validation processes to prevent malicious uploads. Server configuration files like .htaccess and php.ini often contain these file screening policies.

How do I modify the allowed file types in WordPress?

Add this code to your functions.php file:

function add_custom_mime_types($mimes) {
    $mimes['pdf'] = 'application/pdf';
    $mimes['doc'] = 'application/msword';
    return $mimes;
}
add_filter('upload_mimes', 'add_custom_mime_types');

Replace with your needed file extensions.

Can security plugins cause this upload error?

Yes. Security plugins like Wordfence or Cloudflare may implement strict file upload blocking. Check your security plugin settings for media upload restrictions. Try temporarily disabling these plugins to isolate whether they're causing upload validation failed errors.

How do I edit the .htaccess file to fix upload issues?

Access your .htaccess through FTP client or file manager. Add these lines:

AddType application/pdf .pdf
AddType image/jpeg .jpg .jpeg
AddType application/zip .zip

Customize for your required file types. Server security measures often block uploads at this level.

What's the quickest workaround for this error?

Change the file extension temporarily to an allowed type (like .jpg), upload it, then rename it back using a file manager plugin. While this bypasses upload security, it's not recommended for long-term site hardening practices.

How do I modify PHP security filters?

Edit your php.ini configuration with these lines:

upload_max_filesize = 10M
post_max_size = 13M
file_uploads = On

Contact your hosting provider if you lack access to these PHP settings. File upload functionality often depends on these server-level configurations.

Why am I suddenly getting this error when it worked before?

Recent CMS updates, newly installed plugins, or hosting security policy changes can trigger these errors. Check if your WordPress or Joomla version was updated, as content verification failed messages often appear after security upgrades.

How do I fix this error for PDF files specifically?

PDFs commonly trigger this error due to MIME type verification issues. Add this to your theme's functions.php:

function allow_pdfs($mime_types){
    $mime_types['pdf'] = 'application/pdf';
    return $mime_types;
}
add_filter('upload_mimes', 'allow_pdfs', 1, 1);

This specifically addresses document upload errors for PDF files.

Can I fix this without coding knowledge?

Absolutely. Try these no-code approaches:

  • Install a file manager plugin
  • Use FTP alternative for uploading
  • Contact hosting provider support
  • Reset file permissions through cPanel
  • Try different browsers (sometimes it's a cache issue)

How do I permanently fix this issue in Nginx servers?

Edit your Nginx configuration file to include:

client_max_body_size 10M;

Then add proper MIME types:

include /etc/nginx/mime.types;
default_type application/octet-stream;

Restart Nginx after changes. This addresses both upload filtering active and file extension rejected errors.

Conclusion

Learning how to fix "sorry, this file type is not permitted for security reasons" gives you more control over your website's content. By understanding the balance between site hardening and upload functionality, you've gained valuable troubleshooting skills for your content management system.

Remember these key takeaways:

  • File extension rejected errors often stem from MIME type verification processes
  • Admin upload permissions can be adjusted in your wp-config.php file
  • Media library limitations exist to prevent upload vulnerability issues
  • FTP alternatives provide workarounds when direct uploads fail

Whether you're managing Drupal, Shopify, or Elementor, these techniques help maintain proper website administration without constant content upload failures. Should problems persist, check your Nginx configuration or contact your hosting provider. With these approaches, you'll spend less time fighting error messages and more time creating content.

If you enjoyed reading this article on fixing "sorry, this file type is not permitted for security reasons", you should check out this one about how to fix the currently unable to handle this request error.

We also wrote about a few related subjects like WordPress missed schedule, how to fix the parse error syntax error unexpected, WordPress failed to import media, how to fix the WordPress parse error, how to fix the link you followed has expired and how to fix an error occurred while processing this directive.

Albert Ślusarczyk
Albert Ślusarczyk
As the co-creator of Be Theme, I am a strong believer in designing with care and patience. I pour my energy, time & knowledge into perfecting the theme for our 260,000+ customers.
Siteground Hosting