Fix “Sorry, this file type is not permitted for security reasons”

Posted on By Admin No Comments on Fix “Sorry, this file type is not permitted for security reasons”

Fix “Sorry, this file type is not permitted for security reasons”

If you’ve ever tried uploading a file to WordPress and encountered the error message “Sorry, this file type is not permitted for security reasons”, you know how frustrating it can be. This error prevents you from uploading certain file types that WordPress does not allow by default. The quick fix is to enable support for those file types safely by adding a small snippet of code to your theme or a custom plugin.

Quick Fix

  1. Access your WordPress site files via FTP or your hosting file manager.
  2. Open your active theme’s functions.php file or create a site-specific plugin.
  3. Copy and paste the following code to allow additional file types (example allows SVG and JSON):
function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save the file and try uploading your file again.

Why This Happens

WordPress restricts file uploads to a predefined list of MIME types for security reasons. This prevents potentially harmful files from being uploaded and executed on your server. When you try to upload a file type not on this list, WordPress blocks it and shows the error message.

Commonly blocked file types include SVG, JSON, and some custom file formats. While these files can be safe, WordPress errs on the side of caution. To allow these files, you need to explicitly add their MIME types to the allowed list.

Step-by-step: Fixing on Different Environments

1. Using functions.php (Works on all setups)

  1. Log in to your hosting control panel or use an FTP client.
  2. Navigate to /wp-content/themes/your-active-theme/.
  3. Open functions.php in a text editor.
  4. Add the following code at the end of the file:
function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save and upload the file back to the server.
  2. Test uploading your file again.

2. Using a Site-Specific Plugin (Recommended for theme-independent fix)

  1. Create a new file named custom-mime-types.php on your local machine.
  2. Paste the following code inside:
<?php
/*
Plugin Name: Custom MIME Types
Description: Allow additional file types for upload.
Version: 1.0
Author: Your Name
*/

function custom_mime_types($mimes) {
    $mimes['svg'] = 'image/svg+xml';
    $mimes['json'] = 'application/json';
    return $mimes;
}
add_filter('upload_mimes', 'custom_mime_types');
  1. Save and upload this file to /wp-content/plugins/ via FTP or file manager.
  2. Go to WordPress admin > Plugins and activate Custom MIME Types.
  3. Try uploading your file again.

3. Nginx Configuration (Optional)

If you are using Nginx and still face issues after allowing MIME types in WordPress, you may need to add MIME types in your Nginx config:

http {
    ...
    types {
        image/svg+xml svg;
        application/json json;
        # other MIME types
    }
    ...
}

After editing, reload Nginx:

sudo nginx -s reload

4. Apache Configuration (Optional)

For Apache servers, ensure the MIME types are recognized by adding them to your .htaccess or Apache config:

AddType image/svg+xml svg
AddType application/json json

Restart Apache if you edited the main config:

sudo systemctl restart apache2

5. cPanel / Plesk Users

Both cPanel and Plesk allow you to edit MIME types via their control panels:

  • cPanel: Go to Advanced > MIME Types and add the new types.
  • Plesk: Navigate to Tools & Settings > MIME Types and add the required types.

After adding, retry your upload.

Works on

  • WordPress on Apache, Nginx, LiteSpeed servers
  • Hosting control panels: cPanel, Plesk, DirectAdmin
  • Any WordPress theme or custom plugin setup
  • Local development environments like LocalWP, XAMPP, MAMP

FAQ

Q: Is it safe to allow SVG uploads in WordPress?
A: SVG files can contain malicious code if not sanitized. Use a plugin like “Safe SVG” or sanitize SVG files before uploading.
Q: Can I allow all file types by disabling this check?
A: It’s not recommended as it poses a security risk. Always whitelist only the file types you need.
Q: Why do I still get the error after adding MIME types?
Check your server’s MIME type configuration (Nginx/Apache) and ensure caching or security plugins are not blocking uploads.
Q: Can I add MIME types via a plugin instead of code?
Yes. Plugins like “WP Add Mime Types” allow you to add MIME types via the admin interface without coding.
Q: Does this fix work for multisite WordPress installations?
Yes, but you may need to add the code in the main site’s functions.php or a network-activated plugin.
Fixes & Errors Tags:, , ,

Leave a Reply

Your email address will not be published. Required fields are marked *