Share
If you encounter the “Sorry, This File Type Is Not Permitted for Security Reasons” error when trying to upload a file to the WordPress Media Library, be rest assured that it’s there for a good reason, and is easy to fix.
In this article, we will explain why this restriction occurs. We will list various ways that will make it possible for you to upload different file types so that you can use them in your Avada website.
Overview
What Is The Reason For The Error?
This error happens in WordPress when you try to upload a prohibited file type because of possible security concerns. It’s not to say the file type you want to upload is inherently dangerous, although some are (.exe files, for example). It’s just a WordPress conservative default setting. So, if you upload a file type that’s not allowed by default, you must change the WordPress settings.
Your host may also limit certain file types and file sizes, so in the end, if you can’t solve this issue by yourself, seek support from your website hosting provider.
What Files Types Are Allowed?
By default, these are the file types that you can upload in WordPress:
Images:
Documents:
Videos:
Audio:
Suppose you are trying to upload a file type that is not on this list. In that case, you will likely encounter the ‘Sorry, This File Type Is Not Permitted for Security Reasons’ error message. For example, you may be trying to upload a custom font, such as a .eot .ttf or .woff file. Or perhaps you want to upload a .json or .svg file. Let’s look at the four ways you can achieve this.
WordPress Multisite Settings
If your site happens to be a WordPress Multisite install, then you’re in luck. There’s a straightforward way to add file types to the list of allowed types. Navigate to My Sites > Network Admin > Settings, as seen below, and you can add your desired file type directly in the settings.
In the Upload Settings tab, you can add the file extension (e.g., .woff, .json, .ttf) you wish to add to the Upload File Types field. You can also control the upload file size if you want to.
Once you have added your file type, save your changes, and this will update the permitted file types for all the sites in your network, enabling you to upload any file types included in the setting.
Editing The Theme ‘functions.php’ File
If you’re not on a WordPress Multisite install, no problem. Another way to edit your site’s permitted MIME types is to do it manually inside of the Avada functions.php file. Note that when making any change to the themes files, it is recommended that a Avada Child Theme is used. Doing this will ensure that any changes you make are not affected or removed when updating the theme.
The functions.php file defines the functions of your WordPress site. You can also use filters to modify the WordPress default functions. Adding the Upload_Mimes filter to the functions.php file will change WordPress’s default behavior when you attempt to upload a restricted file type. Make sure you have a complete backup of your site before you begin, which ensures you can restore the site if anything goes wrong. To access the functions.php file, you must use an FTP client, such as FileZilla. You can locate the function.php file by navigating to the wp-content/themes/Avada-Child-Theme/ folder.
Open the functions.php file to edit, and then you can add the following code as a starting point:
Add your desired MIME types and their corresponding extensions to the array (we have added the .svg file type as an example in this code).
WordPress upload validation relies on the fileinfo PHP extension, causing inconsistencies until WP 5.5. To fix them, a second filter is needed for some file types, such as .svg and .json:
Make sure to save the changes to your functions.php file after editing.
Using a Plugin
You can also install a choice of plugins that will make it possible to upload file types to be uploaded to the WordPress media library. And here, it’s helpful to know a bit about MIME types. MIME stands for Multipurpose Internet Mail Extensions. Browsers use these to determine the type of content associated with a page. For example, if you have both a .jpg file and a .png file on a page, the browser would know by their MIME types to treat both files as images rather than videos or other file types.
Many plugins allow for the addition of MIME types. A few to consider are Media Library Assistant, or WP Extra File Types (and others). This article will discuss the WP Extra File Type plugin.
Once the plugin is activated, head over to Settings > Extra File Types. Listed here are all the available MIME types you can add. Find your desired file type, check the box next to the file type, scroll to the bottom, and Save your changes.
If your desired File Type is not on the list, scroll to the very bottom of the page and click on ‘Add your custom file types’, and there you can enter the file type details. Click Save Changes, and you should be good to go. If you have a tricky file type, a few options at the top can help. For a complete list of MIME types, check out this site.
Editing The WordPress ‘wp-config’ File
Finally, you can also enable all file types to be uploaded by adding the following code snippet to the WordPress wp-config.php file. This file is located at the root of your WordPress installation. Again, you can use the wp-config.php file using an FTP client, editing the file directly, or downloading it to your computer first. Add the code snippet above the following line in that file:
/* That’s all, stop editing! Happy blogging. */
Please note that this is not recommended for permanent changes to file type permissions and could accidentally allow you or your users to upload malicious files. Still, it is quick and easy and can be used temporarily to upload certain file types when building your site and then to remove the line from the wp-config file to restore the default behavior when you are done.
Summary
The upload permissions for default file types in WordPress are there for a good reason. That said, there are times when you will want to add additional file types to this list, either permanently or temporarily.
As always, make sure you take regular full backups of your site and plugins if you decide to make any changes.