If you encounter the “Sorry, This File Type Is Not Permitted for Security Reasons” error when trying to upload a file to the WordPress Media Library, be rest assured that it’s there for a good reason, and is easy to fix.

In this article, we will explain why this restriction occurs. We will list various ways that will make it possible for you to upload different file types to so that you can use them in your Avada website.

What Is The Reason For The Error?

This error happens in WordPress when you try to upload a prohibited file type because of possible security concerns. It’s not to say the file type you want to upload is inherently dangerous, although some are (.exe files, for example). It’s just a WordPress conservative default setting. So if you’re going to upload a file type that’s not allowed by default, you will need to make some changes to the WordPress settings.

Your host may limit certain file types and file sizes as well, so in the end, if you can’t solve this issue by yourself, make sure to seek support from your website hosting provider.

What Files Types Are Allowed?

By default, these are the file types that you can upload in WordPress:

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .pdf
  • .doc
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd
  • .mp4

  • .m4v

  • .mov

  • .wmv

  • .avi

  • .mpg

  • .ogv

  • .3gp

  • .3g2

  • .mp3

  • .m4a

  • .ogg

  • .wav

Suppose you are trying to upload a file type that’s not on this list. In that case, you will likely encounter the ‘Sorry, This File Type Is Not Permitted for Security Reasons’ error message. For example, you may be trying to upload a custom font, such as a .eot .ttf or .woff file. Or perhaps you want to upload a .json or .svg file. Let’s look at the four ways you can achieve this.

WordPress Multisite Settings

If your site happens to be a WordPress Multisite install, then you’re in luck. There’s a straightforward way to add file types to the list of allowed types. Navigate to My Sites > Network Admin > Settings, as seen below, and you can add your desired file type directly in the settings.

In the Upload Settings tab, you can add the file extension (e.g., .woff, .json, .ttf) you wish to add into the Upload File Types field. You can also control the upload file size if you want to.

Once you have added your file type, save your changes, and this will update the permitted file types for all the sites in your network, enabling you to upload any file types included in the setting.

Editing The Theme ‘functions.php’ File

If you’re not on a WordPress Multisite install , no problem. Another way to edit your site’s permitted MIME types is to do it manually inside of the Avada functions.php file. Note that when making any change to the themes files, it is recommended that a Avada Child Theme is used. Doing this will ensure that any changes you make are not affected or removed when updating the theme.

The functions.php file defines the functions of your WordPress site. And you can also use filters to modify the WordPress default functions. By adding the Upload_Mimes filter to the functions.php file, you’ll be changing WordPress’s default behavior when you attempt to upload a restricted file type. Make sure you have a full backup of your site before you begin, which, of course, ensures you have a way to restore the site if anything goes wrong. To access the functions.php file, you will need to use an FTP client, such as FileZilla. You can locate the function.php file by navigating to the wp-content/themes/Avada-Child-Theme/ folder.

Open the functions.php file to edit, and then you can add the following code as a starting point:

Copy to Clipboard

Add your desired MIME types and their corresponding extensions to the array (we have added the .svg file type as an example in this code).

WordPress upload validation relies on the fileinfo PHP extension, which is causing some inconsistencies, at least until WP 5.5 (version at time of writing). In order to fix them, a second filter is needed form some file types, such as .svg and .json:
Copy to Clipboard

Make sure to save the changes to your functions.php file when you’ve finished editing.

Using a Plugin

You can also install a choice of plugins that will make it possible to upload file types to be uploaded to the WordPress media library. And here, it’s useful to know a bit about MIME types. MIME stands for Multipurpose Internet Mail Extensions. These are used by browsers to determine the type of content associated with a page. For example, if you have both a .jpg file and a .png file on a page, the browser would know by their MIME types to treat both files as images rather than videos or other file types.

Many plugins allow for the addition of MIME types. A few to consider are Media Library Assistant, or WP Extra File Types (and others). For this article, we will discuss the WP Extra File Type plugin.

Once the plugin is activated, head over to Settings > Extra File Types. Listed here are all the available MIME types you can add. Simply find your desired file type, check the box next to the file type and scroll to the bottom and Save your changes.

If your desired File Type is not on the list, scroll to the very bottom of the page, and click on ‘Add your custom file types’, and there you can then enter the details of the file type. Click Save Changes, and you should be good to go. If you have a tricky file type, there are a few options at the top that can help. For a complete list of MIME types, check out this site.

Editing The WordPress ‘wp-config’ File

Finally, you can also enable all file types to be uploaded by adding the following code snippet to the WordPress wp-config.php file. This file is located in the root of your WordPress installation. Again, you can the wp-config.php file using an FTP client, editing the file directly, or downloading it to your computer first. Add the code snippet above the following line in that file:

/* That’s all, stop editing! Happy blogging. */

Copy to Clipboard

Please note that this is not a recommended method for permanent changes to file type permissions and could accidentally allow you or your users to upload malicious files. Still, it is quick and easy and can be used in a temporary fashion, to upload certain file types when building your site, and then to remove the line from the wp-config file to restore the default behavior when you are done.


The upload permissions for default file types in WordPress are there for a good reason. That said, there are times when you will want to add additional file types to this list, either permanently or temporarily.

As always, make sure you take regular full backups of your site and plugins if you decide to make any changes.

Subscribe To Our Newsletter

Receive all of the latest news and updates fresh from ThemeFusion!

Leave a comment