Sorry, This File Type Is Not Permitted For Security Reasons ❌ FIXED

sorry this file type is not permitted for security reasons wordpress mime type error

Fix Sorry, This File Type Is Not Permitted For Security Reasons WordPress Error

You must have come across This File Type is Not Permitted Error message – ❌ “Sorry, this file type is not Permitted for security reasons.” while uploading images in your WordPress site. This is the message that appears when you try to upload file using the WordPress upload utility, a default forbidden extension for your favorite CMS.

These are some of the most commonly found queries around this WordPress error message.

  • images – How do I fix “Sorry, this file type is not permitted for security reasons .svg, .jpg, .ovg, .png?
  • Upload file type not permitted even if explicitly registered
  • php – How do I get around “Sorry, this file type is not permitted?
  • Upload Error – upload_mimes not accepting CSV – WordPress

You have probably already arrived to wish to download a video rather special type of file on WordPress that was not supported by the file manager of your blog. You have probably turned to another solution or you were still looking. 

wordpress error message sorry this file type is not permitted for security reasons

If you want to simplify your life without having to touch your code, You can also use the plugins to add more files extensions, which allows to realize (with an interface) what I am about to describe you throughout this article. Here you will learn more about wp add mime types, why does this WordPress error occurs? & ❌ How to fix “Sorry, This File Type Is Not Permitted For Security Reasons” using plugins.

Firstly, we must know about,


MIME stands for Multipurpose Internet Mail Extensions. MIME types are used by browsers and other internet devices to determine the type of content associated with a page. For instance, if you have a .png file and a .jpeg file on the page, the browser would know by their MIME types to treat both files as images rather than videos or other file types.

By default, WordPress has a list of registered mime types stored in wp-includes/functions.php. Using the wp_get_allowed_mime_types() function you can get a list of MIME types WordPress recognizes. These files are the file types recognized by WordPress. However, not all MIME types recognized are allowed to be uploaded in the WordPress Admin Dashboard.

Related Post – Fix Error Establishing a Database Connection in WordPress

Why you see this WordPress error message ?

As configured WordPress by default, from the administration area we can upload images, documents such as PDFs, Word, Pages, OpenOffice and even audio, midi and video files to the server. This is the list of most used file extensions that you accept if we have not made any changes. If you need a reference of which MIME types are available web-wide to add, see this comprehensive list.  For more information on which files are allowed, See Uploading Files documentation

MIME Types & File Extensions Supported by WordPress



.jpg image/jpeg, image/pjpeg
.jpeg image/jpeg, image/pjpeg
.png image/png
.gif image/gif
.ico image/x-icon
.pdf application/pdf
.doc application/msword
.docx application/vnd.openxmlformats-officedocument.wordprocessingml.document
.ppt application/mspowerpoint, application/powerpoint, application/, application/x-mspowerpoint
.pptx application/vnd.openxmlformats-officedocument.presentationml.presentation
.pps application/mspowerpoint, application/
.ppsx application/vnd.openxmlformats-officedocument.presentationml.slideshow
.odt application/vnd.oasis.opendocument.text
.xls application/excel, application/, application/x-excel, application/x-msexcel
.xlsx application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.psd application/octet-stream
.mp3 audio/mpeg3, audio/x-mpeg-3, video/mpeg, video/x-mpeg
.m4a audio/m4a
.ogg audio/ogg,
.wav audio/wav, audio/x-wav
.mp4 video/mp4
.m4v video/x-m4v
.mov video/quicktime
.wmv video/x-ms-asf, video/x-ms-wmv
.avi application/x-troff-msvideo, video/avi, video/msvideo, video/x-msvideo
.mpg audio/mpeg, video/mpeg
.ogv video/ogg
.3gp video/3gpp, audio/3gpp
.3g2 video/3gpp2, audio/3gpp2

Related Post – WordPress Website Maintenance Tasks & Checklist

Other MIME TYPES Recognized by WordPress.



.bmp image/bmp
.tif image/tiff
.tiff image/tiff
.asf video/x-ms-asf
.asx video/x-ms-asf
.wm video/x-ms-wm
.wmx video/x-ms-wmx
.divx video/divx
.flv video/x-flv
.qt video/quicktime
.mpe video/mpeg
.webm video/webm
.mkv video/x-matroska
.txt text/plain
.asc text/plain
.c text/plain
.cc text/plain
.h text/plain
.csv text/csv
.tsv text/tab-separated-values
.ics text/calendar
.rtx text/richtext
.css text/css
.htm text/html
.html text/html
.m4b audio/mpeg
.ra audio/x-realaudio
.ram audio/x-realaudio
.mid audio/midi
.midi audio/midi
.wax audio/x-ms-wax
.mka audio/x-matroska
.rtf application/rtf
.js application/javascript
.swf application/x-shockwave-flash
.class application/java
.tar application/x-tar
.zip application/zip
.gz application/x-zip
.gzip application/x-zip
.rar application/rar
.7z application/x-7z-compressed
.exe application/x-msdownload
.pot application/
.wri application/
.xla application/
.xlt application/
.xlw application/
.mdb application/
.mpp application/
.docm application/
.dotx application/vnd.openxmlformats-officedocument.wordprocessingml.template
.dotm application/
.xlsm application/
.xlsb application/
.xltx application/vnd.openxmlformats-officedocument.spreadsheetml.template
.xltm application/
.xlam application/
.pptm application/
.ppsm application/
.potx application/vnd.openxmlformats-officedocument.presentationml.template
.potm application/
.ppam application/
.sldx application/vnd.openxmlformats-officedocument.presentationml.slide
.sldm application/
.onetoc application/onenote
.onetoc2 application/onenote
.onetmp application/onenote
.onepkg application/onenote
.odp application/vnd.oasis.opendocument.presentation
.ods application/vnd.oasis.opendocument.spreadsheet
.odg application/
.odc application/vnd.oasis.opendocument.chart
.odb application/vnd.oasis.opendocument.database
.odf application/vnd.oasis.opendocument.formula
.wp application/wordperfect
.wpd application/wordperfect
.key application/
.numbers application/
.pages application/

To improve security and prevent potentially dangerous files from being uploaded to the server, in addition to WordPress restrictions, there may also be limitations on the hosting provider, such as not allowing certain extensions or limited file sizes, thus the error occurs. 

Related Post – Remove Google Blacklist Warning Message

 Add/Remove a MIME file type

As far as we concerned, we encountered the problem with a sc2replay file (replay of the Starcraft 2 video game). The manipulation is quite simple, it consists of inserting a few lines in the file functions.php, which is normally at the root of your theme (in / wp-content / theme / your-theme /).

If you do not know the mime type of the file extension you want to add, we recommend a little search on Google.

Be careful, keep these lines of codes at hand because when you change the theme of your blog, you will need to insert these lines in the theme you will use. 

// function of new_update_mime()
add_filter('upload_mimes', 'new_update_mime'); 
// $existing_mimes from the list exist
function non_update_mime ( $existing_mimes = array() ) {
   $existing_mimes['sc2replay'] = 'application/octet-stream';
   return $existing_mimes;

To remove a mime type, you can use unset in your function: 
unset( $existing_mimes['exe'] );

Add custom mime types to WordPress

//The following goes in a themes functions file or a custom hooks plugin
function custom_upload_mimes ( $existing_mimes ) {
$existing_mimes['epub'] = 'application/epub+zip';
$existing_mimes['mobi'] = 'application/x-mobipocket-ebook';
return $existing_mimes;
add_filter('upload_mimes', 'custom_upload_mimes');

Related Issue – Fix WordPress Stuck in Maintenance Mode   |    How to fix “The link you followed has expired” in WordPress?

How To Fix “Sorry, this file type is not supported for security reasons error” In WordPress?

This issue can be fixed by following ways:

  • Modifying theme’s functions.php file
  • Installing WordPress Plugins
  • Editing WP-CONFIG.PHP
  • Using multisite settings

1.Modifying theme’s functions.php file

What we want to do is to integrate a field in the WordPress settings (here Settings> Media> Send files) to customize the extensions allowed.

Still, in your theme’s functions.php file, you can insert these lines of code to insert a custom parameter field ‘ext’ (you can later call the function get_option (‘ext’) to get the result of this field. 

function add_media_field() {
   add_settings_section( 'fichier', __('new fichiers'), 'display_ext', 'media' );
   register_setting( 'media', 'ext' );

function display_ext(){

   echo '<input style="width: 85%;" name="ext" value="'.get_option('ext').'" type="text" id="ext" size="30"></input>';
   echo __('get it to the point (press space bar, ex: "mp3 doc gif")');

To summarize these lines of code add_action (‘admin_init’, ‘add_media_field’) starts the add_media_field () function when the user is in the wp-admin area of ​​Wordpress. The function add_media_field () adds a section (add_settings_section) ‘Sending files’ and is responsible for displaying a section on the right page (Settings> Media) by inserting display_ext (). register_setting (‘media’, ‘ext’) is responsible for registering the ‘ext’ option transmitted by the form. 

You can replace the line with add_settings_section with this one if you want to add only one field in an existing section and not an entire section: 

add_settings_field( ‘ext’, ‘Extension’, ‘display_ext’, ‘media’, ‘default’, array( ‘label_for’ => ‘ext’ ) ); 

These few lines allowed us to add an option in the administration. Now, we must always add the types associated with the option ‘ext’ so that we can use the media of WordPress with the extensions you want. For this, we need a special file, including over 600 file extensions and their associated types. Look for and download types-mimes.php_.txt file and put it in the ‘inc’ folder of your theme by renaming it ‘types-mimes.php’.

Now, always in the ‘functions.php’ file of your theme, add this: 

add_filter('upload_mimes', 'custom_upload_mimes'); 
function custom_upload_mimes ($existing_mimes = array()) {
   $mimetype = new mimetype();
   $file_types = get_option('ext');
   $variables = explode(' ', $file_types); 
   foreach($variables as $value) {
       $value = trim($value);
       if(!strstr($value, '/')) {
           $mime = $mimetype->privFindType($value);
       } else {
           $mime = $value;
       $existing_mimes[$value] = $mime;
   return $existing_mimes;

class mimetype {

  function privFindType($ext) {
     $mimetypes = $this->privBuildMimeArray(); 
     if (isset($mimetypes[$ext])) {
        return $mimetypes[$ext];
     } else {
        return 'application/octet-stream';
   function privBuildMimeArray() {
       return $types;

The custom_upload_mimes () function goes through the list of extensions and uses the mimetype class to associate it with a mime type. If no type is found, the extension takes the mime type ‘application / octet-stream’.   

You can also download the below mentioned plugin to fix this ❌ WordPress error message.

Related Post – Best WordPress Security Plugins in 2024

2. Using WordPress Plugins to Add MIME TYPES

Three commonly used plugins include Pro Mime Types,  Disable Real MIME Check, WP Add Mime Types or WP Extra File Types, which will both enable WordPress to recognize other file types  (like .epub or .mobi files from eBooks). 

Pro Mime Types

You can easily fix such errors by using this WordPress plugin. It works for both one and multiple sites.

Here are the necessary steps:

  • Install the plugin and activate it.
  • Go to Settings  -> Mime Type Settings.

Now you have to add the same mime type you want to upload – the extension that is not supported yet. You can find almost all the same types here.

The Mime Type must be added in a specific format. For example, to enable .abiword files to be downloaded, you need to add the following line:

  • AbiWord=application/x-abiword

Once you’re done, tap the Save button. The new Mime Type will appear at the bottom of the list, in red.

WP Add Mime Types

This plugin additionally allows the mime types and file extensions to WordPress. In other words, your WordPress site can upload various file extensions.

 MIME TYPES allowed in wordpress

Disable Real MIME Check

Many  users after updating the engine to WordPress 4.7.1 encountered the problem of the impossibility of downloading to the site any files other than images. When you try to download a regular .doc file to the site, the engine displays the message:

“Sorry, the type of this file is not permitted for security reasons.”

The problem did not affect all the users of the engine, but quite a few. This is an officially registered bug that should be fixed in version 4.7.2 . But what if you need to download files right now? You can use the small Disable Real MIME Check plug-in that solves this problem.

Download the plugin and install it:

1 Unpack the archive.

2 Copy the disable-real-mime-check folder to / wp-content / plugins / .

3 Go to the site admin panel on the ” Plugins ” tab and activate the plugin.

And it’s all. After activating the plugin, downloading any file types will be restored. In fact, the plugin installation can be replaced with a small code that you will need to insert into the functions.php file of your theme:

function wph_disable_mime_check ( $ data ,  $ file , $ filename , $ mimes ) {
   $ wp_filetype  = wp_check_filetype ( $ filename ,  $ mimes ) ;
   $ ext  = $ wp_filetype [ 'ext' ] ;
   $ type  = $ wp_filetype [ 'type' ] ;
   $ proper_filename  = $ data [ 'proper_filename' ] ;
   return  compact ( 'ext' ,  'type' , 'proper_filename' ) ;
add_filter ( 'wp_check_filetype_and_ext' ,  'wph_disable_mime_check' , 10 , 4 ) ;

But the plugin, of course, is more convenient, since it does not require manual editing of the theme files.

Related Post – How to Backup WordPress Database Manually + Plugins

3. Editing wp-config.php

The file “wp-config.php” is located in the root directory of your WordPress installation, in the same place as the ” wp-admin,” ”  wp-includes ” and ” wp-content ” folders. The file contains a lot of information necessary for WordPress to work. If this file is not installed correctly, WordPress will not work, which means that your site will be unavailable or inaccurate data may even destroy your installation.

To allow each type of file, all you need to do is:

  1. Log in to your website using an  FTP client or File Manager.
  2. Navigate to the WordPress installation directory and search for the wp-config.php file. Edit it.
  3. Paste the following line of code anywhere above the line that says ” That’s all, stop editing!” Happy blogging ‘:

Related Issue – WordPress Upload Failed To Write File To Disk Error   |   WordPress HTTP Image Upload Error

4. Using WordPress Multisite Settings

In WordPress Multisite you can add the file type that you want to upload in the “Upload file types” option  in network admin area.

Network Admin Area -> Settings -> Upload Settings

 Fix The Issue Using WordPress Multisite Settings.

Contact your hosting provider

If you have already tried all the steps mentioned above and nothing seems to work for you, it may be useful to contact your hosting provider. Sometimes, hosting providers limit certain file formats to provide some security, and they can better guide you through that.

Also Read –  “This Account Has Been Suspended” – WordPress Down[Fix]


The WordPress error Sorry, this type of file is not Permitted because of security reasons is troublesome. But, you can still fix it by following the above given steps. We hope that the tutorial was easy to follow and that it guided you successfully through the resolution of this problem.

WP Hacked Help probably remains one of the best WordPress malware scanners to improve security on WordPress. It can both play a preventive role and a curative role, helping you locate files affected by the hacking. Please refer to our posts on Best WordPress Security Plugins in 2024 & How to Secure Your WordPress Site in 2024

If you have any questions, our experts would be happy to answer them.


Other Popular Articles


24/7 WP Security & Malware Removal
Is your site hacked or infected with malware? Let us get it fixed for you
Secure My Website(s)