How to FIX “Sorry this file type is not permitted for security reasons.”

COMPLEXITY

Intermediate

TIME

10 Minutes

ASSUMPTIONS

  • Basic knowledge of WordPress.
  • Comfortable managing your site with FTP.
  • You have made a backup of your site.

 

We have all been there while hard at work on a project and all of a sudden you get the dreaded “Sorry This File Type Is Not Permitted for Security Reasons” Error while you are trying to upload a file to your WordPress install. We have heard from a few of our customers that this often happens to them when trying to import CSV files containing settings to BodyCommerce or Divi Nitro. It is frustrating, but luckily there are a few easy solutions to fix this problem.

In today’s tutorial, we are going to show you a few ways to fix the “Sorry, This File Type Is Not Permitted for Security Reasons” issue with either a plugin and a little bit of code, so you can choose the best method for your level of comfortability with tampering with WordPress sites.

Before you dive into the fix, let’s quickly talk about what the error means.

“Sorry, This File Type Is Not Permitted for Security Reasons” WordPress error meaning

Sorry, This File Type Is Not Permitted for Security Reasons

So this whole “Sorry, This File Type Is Not Permitted for Security Reasons” error sounds way scarier than it really is because all it means is that the particular filetype is on the no-fly list for your site and all we need to do is allow the filetype you are trying to upload.

The reason WordPress does this is to prevent any security issues that result from uploading potentially malicious files that often find themselves in a file type that is executable. This can lead to absolute anarchy on a site and do some serious permanent damage that could cost thousands in hard-earned cash to fix. Not to mention the stress that comes with it.

All these file types are referred to as MIME-types. And can be anything from an image format, to a database file, to a compressed archive file.

NOTE: MIME stands for Multipurpose Internet Mail Extensions if you care. Smarter everyday, right?

Default WordPress MIME-types

By default, WordPress allows the following MIME-types:

File ExtensionMIME Type
.jpgimage/jpeg, image/pjpeg
.jpegimage/jpeg, image/pjpeg
.pngimage/png
.gifimage/gif
.icoimage/x-icon
.pdfapplication/pdf
.docapplication/msword
.docxapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
.pptapplication/mspowerpoint, application/powerpoint, application/vnd.ms-powerpoint, application/x-mspowerpoint
.pptxapplication/vnd.openxmlformats-officedocument.presentationml.presentation
.ppsapplication/mspowerpoint, application/vnd.ms-powerpoint
.ppsxapplication/vnd.openxmlformats-officedocument.presentationml.slideshow
.odtapplication/vnd.oasis.opendocument.text
.xlsapplication/excel, application/vnd.ms-excel, application/x-excel, application/x-msexcel
.xlsxapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.psdapplication/octet-stream
.mp3audio/mpeg3, audio/x-mpeg-3, video/mpeg, video/x-mpeg
.m4aaudio/m4a
.oggaudio/ogg,
.wavaudio/wav, audio/x-wav
.mp4video/mp4
.m4vvideo/x-m4v
.movvideo/quicktime
.wmvvideo/x-ms-asf, video/x-ms-wmv
.aviapplication/x-troff-msvideo, video/avi, video/msvideo, video/x-msvideo
.mpgaudio/mpeg, video/mpeg
.ogvvideo/ogg
.3gpvideo/3gpp, audio/3gpp
.3g2video/3gpp2, audio/3gpp2
NOTE: If you are looking at this on your mobile, you can drag the table left to see the rest of the table.

Other Possible WordPress MIME-types

In addition to the default WordPress MIME-types, we can permit the following:

File ExtensionMIME Type
.bmpimage/bmp
.tifimage/tiff
.tiffimage/tiff
.asfvideo/x-ms-asf
.asxvideo/x-ms-asf
.wmvideo/x-ms-wm
.wmxvideo/x-ms-wmx
.divxvideo/divx
.flvvideo/x-flv
.qtvideo/quicktime
.mpevideo/mpeg
.webmvideo/webm
.mkvvideo/x-matroska
.txttext/plain
.asctext/plain
.ctext/plain
.cctext/plain
.htext/plain
.csvtext/csv
.tsvtext/tab-separated-values
.icstext/calendar
.rtxtext/richtext
.csstext/css
.htmtext/html
.htmltext/html
.m4baudio/mpeg
.raaudio/x-realaudio
.ramaudio/x-realaudio
.midaudio/midi
.midiaudio/midi
.waxaudio/x-ms-wax
.mkaaudio/x-matroska
.rtfapplication/rtf
.jsapplication/javascript
.swfapplication/x-shockwave-flash
.classapplication/java
.tarapplication/x-tar
.zipapplication/zip
.gzapplication/x-zip
.gzipapplication/x-zip
.rarapplication/rar
.7zapplication/x-7z-compressed
.exeapplication/x-msdownload
.potapplication/vnd.ms-powerpoint
.wriapplication/vnd.ms-write
.xlaapplication/vnd.ms-excel
.xltapplication/vnd.ms-excel
.xlwapplication/vnd.ms-excel
.mdbapplication/vnd.ms-access
.mppapplication/vnd.ms-project
.docmapplication/vnd.ms-word.document.macroEnabled.12
.dotxapplication/vnd.openxmlformats-officedocument.wordprocessingml.template
.dotmapplication/vnd.ms-word.template.macroEnabled.12
.xlsmapplication/vnd.ms-excel.sheet.macroEnabled.12
.xlsbapplication/vnd.ms-excel.sheet.binary.macroEnabled.12
.xltxapplication/vnd.openxmlformats-officedocument.spreadsheetml.template
.xltmapplication/vnd.ms-excel.template.macroEnabled.12
.xlamapplication/vnd.ms-excel.addin.macroEnabled.12
.pptmapplication/vnd.ms-powerpoint.presentation.macroEnabled.12
.ppsmapplication/vnd.ms-powerpoint.slideshow.macroEnabled.12
.potxapplication/vnd.openxmlformats-officedocument.presentationml.template
.potmapplication/vnd.ms-powerpoint.template.macroEnabled.12
.ppamapplication/vnd.ms-powerpoint.addin.macroEnabled.12
.sldxapplication/vnd.openxmlformats-officedocument.presentationml.slide
.sldmapplication/vnd.ms-powerpoint.slide.macroEnabled.12
.onetocapplication/onenote
.onetoc2application/onenote
.onetmpapplication/onenote
.onepkgapplication/onenote
.odpapplication/vnd.oasis.opendocument.presentation
.odsapplication/vnd.oasis.opendocument.spreadsheet
.odgapplication/vnd.oasis.opendocument.graphics
.odcapplication/vnd.oasis.opendocument.chart
.odbapplication/vnd.oasis.opendocument.database
.odfapplication/vnd.oasis.opendocument.formula
.wpapplication/wordperfect
.wpdapplication/wordperfect
.keyapplication/vnd.apple.keynote
.numbersapplication/vnd.apple.numbers
.pagesapplication/vnd.apple.pages
NOTE: If you are looking at this on your mobile, you can drag the table left to see the rest of the table.

That is a TON of MIME-types, but if you want to fix the “Sorry, This File Type Is Not Permitted for Security Reasons” error, it is very possible that you would need to allow the upload of one of these WordPress MIME-types.

So let’s look at how we would go about getting our MIMES off the no-fly lists here.

3 Methods to FIX “Sorry, This File Type Is Not Permitted for Security Reasons”

Method 1: Modify your wp-config.php to allow any MIME-type

(This is a horrible idea!)
Edit wp-config.php WordPress

This is by far the easiest, but also the most dangerous way to resolve the “Sorry, This File Type Is Not Permitted for Security Reasons” error as it basically tells WordPress to allow a file of any MIME-type to be uploaded. We definitely do not recommend this method but felt it was important to show it so that you best understand how this all works.

Using your favorite FTP client, you can access your wp-config.php file and add the code below above the line that reads “/* That’s all, stop editing. Happy blogging. */”. Once saved, you can kiss the “Sorry, This File Type Is Not Permitted for Security Reasons” error goodbye and start uploading any file type.

PRO-TOP: If you are not sure on how to FTP into your site and make changes, check this excellent guide by the team at Elegant Themes on Managing Your WordPress Website with FTP.

Method 2: Use a 3rd Party Plugin

(This is a better idea!)
Enhanced Media Library

This is also a fairly simple method to get things going, but it does come with its own risks because these plugins are not maintained in-house and sometimes fall victim to vulnerabilities that get discovered by curious hackers. There are a bunch of plugins available that will allow you to quickly and easily allow or disallow certain MIME-types from being uploaded, we recommend Enhanced Media Library.

Once installed, you’ll head over to the MIME-types page in the plugin settings.

Enhanced Media Library

Once there, you have 2 options for allowing a new MIME-type, you can either check a box next to the MIME-type you would like to allow, or you can add a new MIME-type by clicking the “+Add New MIME Type” button at the top of the page.

Enhanced Media Library

Method 3: Allow Specific MIME-types in your functions.php

(This is the best idea!)
Edit functions.php WordPress

Carefully selecting and adding your required MIME-types with some code in the functions.php file of your child theme is by far the most secure way to get it done. Instead of exposing your site to any type of file uploads, you keep down to exactly what you need and no more. This way you minimize any potential security vulnerabilities and you are not bloating your site with a bunch of unneeded code or features. Of course, this requires a little extra technical ability, but that is why we are here.

Similar to method 1, you need to FTP into your WordPress install and edit the functions.php file of the child theme. Now note, when messing with your WordPress file code, it is always a good idea to make a backup of the file at the very least in case something goes wrong. We recommend backing up your whole site before you touch any code.

With that said, we will add your new MIME-types in the functions.php file by pasting the code below before the closing PHP tag. In our example, we are adding CSV upload, but you can add any file type listed above. Just replace the file extension and MIME-type with what you want.

PRO-TOP: If you are not sure on how to FTP into your site and make changes, check this excellent guide by the team at Elegant Themes on Managing Your WordPress Website with FTP.

Congrats, all done! Now MIME your excitement 🥁

Happy MIME dance

Conclusion

As you can see, the “Sorry, This File Type Is Not Permitted for Security Reasons” is mostly bark with no bite. With a few easy steps, you can quickly resolve it and get back to your awesome WordPress project. Just be careful which implementation you choose because as we mentioned, they each carry their own level of inherent risk.

Good luck and stay safe out there folks!

4 Comments

  1. I followed your suggestion and edited the function.php of my installation
    I tried to use the fonts in a module by uploading the files .otf and .ttf in the design-tab of the text.module
    still get the “permission problem”, can’t upload the file

    I used the mime types ‘font/otf’ and ‘font/ttf’

    no chance

    • Hello Connie!

      Robey from the Divi Engine team here.

      WordPress is notoriously fussy when it comes to fonts, especially TTF files.

      Sometimes for cases like this, you need to add an additional filter to the functions.php file below the code block where we enable the mime types.

      Please go ahead and add the code below to your functions.php and let me know if it works 🙂


      function divi_engine_font_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {

      if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
      return $data;
      }

      $wp_file_type = wp_check_filetype( $filename, $mimes );

      // Check for the file type you want to enable, e.g. 'svg'.
      if ( 'ttf' === $wp_file_type['ext'] ) {
      $data['ext'] = 'ttf';
      $data['type'] = 'font/ttf';
      }

      if ( 'otf' === $wp_file_type['ext'] ) {
      $data['ext'] = 'otf';
      $data['type'] = 'font/otf';
      }

      return $data;
      }
      add_filter( 'wp_check_filetype_and_ext', 'divi_engine_font_correct_filetypes', 10, 5 );

      • Hi I tried the above function and now it won’t let me upload png or jpg files. I tried to add those in the function but it doesn’t work. Is there a way to get them allow uploads? I can successfully upload svg using a different function and it allows png and jpg uploads but not font files.
        Thanks

      • Just wondering why you guys never follow up on your blogposts ad or video tutorials.
        When you don’t want to just turn of the option to reply.

        This is becoming an embarrassment and not just on your own site but also on Youtube and the Facebook groups!

Submit a Comment

Explore more from Divi Engine