Fixing "sorry, this file type is not permitted for security reasons"
parallax background

Fixing “sorry, this file type is not permitted for security reasons”

How to embed a Google form in WordPress
March 17, 2020
How to downgrade WordPress (Easy to follow guide)
March 23, 2020

You have your WordPress website ready but you want it to look even better by adding the perfect photo or media file that will make your website the best it possibly can be. Suddenly you get this message, Sorry, this file type is not permitted for security reasons. It’s such an anticlimax. There are fixes, but you do need to understand the reason for the message and what it means.

What does it mean that this file is not permitted for security reasons?


You may have experienced this type of obstacle when trying to upload a video on YouTube. The server has rejected the file mp4, for example. Or, The media you tried to upload was invalid.

or DIVI import not working. These messages are quite common but do cause frustration.

However, WordPress does have a sound reason to stop you in your tracks. The security they refer to is YOUR security, or that of your WordPress website. WordPress doesn’t recognize the file type, it’s not in their safe-list or not supported in WordPress by default. So WordPress tries to protect you.

You can surpass the “Sorry, this file type is not permitted for security reasons” obstacle.


This is how to bypass the WordPress media library line of defense

It is not advisable to attempt to solve this yourself because you will likely harm your WordPress website by creating an extra security risk. You may cause permanent damage to your website or provide a pathway for hackers. This is why the Sorry, this file type is not permitted for security reasons-error was created in the first place.

You won’t encounter any problem uploading a file with any of the common extensions: .jpg, .jpeg, .png, .gif, .icofor images. .mp4, .m4v, .mov, .wmv, .avi, .mpg, and so on, for videos..mp3, .mp4a, .ogg, .wav for audio. Nor will .pdf, .doc, .xls, cause any problems.

These are accepted by default and would never be on the list of forbidden MIME(Multipurpose Internet Mail Extensions).

However your custom fonts with extensions such as: .tff and .woff will raise the Sorry, this file type is not permitted for security reasons wall without exception.

The 6 solutions for your problem:

  • Install WordPress multisite
  • Install a WordPress plugin
  • Edit the wp-config.php file
  • Edit the theme’s functions.php File
  • Use the upload_mimes WordPress filter hook
  • Contact your hosting provider (Read HELP!)

The 6 solutions under the microscope

Install WordPress multisite


Install WordPress Multisite whether you need multiple websites for your business or not. Once this is done, you can upload files that are blocked on a single-site.

You can access the setting you will need via the Network Admin Dashboard:

  • Click on Network Settings
  • Add the extensions to the Upload File Types Setting
  • Save the changes and you will have an updated list of permitted file types for every site in your network.
  • This solves the problem for you and the users of your original WordPress site.

Install a WordPress plugin

Installing a MIME plugin is even faster as well as giving you more control. The purpose of this plugin is to allow you to upload file types that normally get Sorry, this file type is not permitted for security reasons. You can update extensive lists by adding your custom file types to gain this control.

There are several MIME plugins available. Click on the link of your choice:

WP Add Mime Types


The plugin additionally allows the mime types and file extensions to WordPress. In other words, your WordPress site can upload various file extensions.


Add the mime type that can be used in the media library to each file type.


WP Extra File Types


This plugin let you add file types to the default list of file extensions supported by the Media Library upload procedure.

Edit the wp-config.php file


Make a back-up of your website first because changing a configuration can cause things to go wrong. After uploading your file(s) you’d be wise to reverse the changes you made to the configuration. This will keep your website secure!

Step by step


1. Via an FTP client (or File Manager) enter your installation directory(in most cases, it’s public_html)

2. Type or paste:


in the wp-config.php file. This above the line ‘That’s all, stop editing! Happy publishing.’

3. SAVE your changes

4. Log out of your WordPress account via your WordPress dashboard and log in again.

Now you can upload any file you want. WordPress Media Library will accept all your file types. You will not encounter Sorry, this file type is not permitted for security reasons.

Edit the theme’s functions.php file


Make a backup of your site and go to your functions.php file using an FTP client:

1. Access your WordPress installation directory (in most cases, it’s public_html) via an FTP client or File Manager.

2. Navigate to wp-content -> themes -> current theme’s folder

3. Open the functions.php file

4. Type:

function my_custom_mime_types( $mimes ) {

// Add new MIME types here

$mimes['abiword'] = 'application/x-abiword';

return $mimes;


add_filter( 'upload_mimes', 'my_custom_mime_types' );

5. As always SAFE your changes

By adding the upload_mimes filter to functions.php, the behaviors of your WordPress site will change. It will be no problem to upload a before prohibited file type.

Use the upload_mimes WordPress filter hook

Open the functions.php file of your WordPress theme.

At the top of the file type this code:

// Add this to the functions.php file of your WordPress theme
// It filters the mime types using the upload_mimes filter hook
// Add as many keys/values to the $mimes Array as needed

function my_custom_upload_mimes($mimes = array()) {

// Add a key and value for the CSV file type
$mimes['csv'] = "text/csv";

return $mimes;

add_action('upload_mimes', 'my_custom_upload_mimes');

$mimes['csv'] = "text/csv" is for a file with csv as extension. The mime type for csv is text/csv. 

Contact your hosting provider


As a last resort you can have your IT team contact your hosting provider. If your hosting provider restricts what they see as unsafe file types they can reverse this situation.

Ending thoughts on Sorry, this file type is not permitted for security reasons

The error message Sorry, this file type is not permitted for security reasons is very frustrating, but the fixes listed above should relieve your frustration and it helps to remember that WordPress is concerned about your security.

Always make sure to stay protected by only allowing a restricted number of file types. Disabling ALL restrictions definitely isn’t safe. It’s best to exercise caution and use a risk-free plugin.

If you enjoyed reading this article on fixing "sorry, this file type is not permitted for security reasons", you should check out this one about how to fix the currently unable to handle this request error.

We also wrote about a few related subjects like WordPress missed schedule, how to fix the parse error syntax error unexpected, WordPress failed to import media, how to fix the WordPress parse error, how to fix the link you followed has expired and how to fix an error occurred while processing this directive.

Albert Ślusarczyk
Albert Ślusarczyk
As the co-creator of Be Theme, I am a strong believer in designing with care and patience. I pour my energy, time & knowledge into perfecting the theme for our 230,000+ customers.