◦ Comprehensive security
◦ 24/7 support
WordPress Guide → Errors → Sorry File Type Not Permitted for Security Reasons
‘Sorry, this file type is not permitted for security reasons’ and how to fix it
You’re uploading a file to WordPress, and instead of seeing it in your Media Library, you get a frustrating error: “Sorry, this file type is not permitted for security reasons.” Now what?
Don’t worry—this is a common error with several easy fixes. Whether you’re uploading an SVG, a custom font, or a file from a graphic design app, this guide will show you how to safely get it into your WordPress site.
What this error means (and why it happens)
WordPress restricts the types of files you can upload by default. This is a security feature designed to prevent users from accidentally or intentionally uploading malicious files that could harm your site.
Behind the scenes, WordPress checks every file’s MIME type—a label that tells the browser or server what kind of file it is. For example, a JPEG image uses image/jpeg, while a PDF uses application/pdf.
If the file you’re uploading doesn’t match WordPress’s approved list of file types, the upload will fail and trigger the “not permitted” error. This helps keep sites secure but can also block legitimate file types you need to use.
Common file types that trigger this error
Here are some file types that often get blocked by WordPress, even if they seem harmless:
- .svg — Scalable Vector Graphics files are commonly used for logos and icons but are blocked due to possible embedded scripts.
- .woff / .woff2 — Font files used in web design, often not allowed by default.
- .ai / .eps / .indd — Adobe Illustrator, EPS, and InDesign files are typical for designers but aren’t supported out of the box.
- .webp — A modern image format supported by most browsers but may be blocked on older WordPress versions or some hosts.
- .exe / .apk / .dmg — Executable files like Windows, Android, or Mac installers are considered high-risk and blocked for security reasons.
- .csv / .xlsx / .json — Sometimes blocked by hosts or security plugins even though they’re often used for data or imports.
If you’re trying to upload one of these file types, or any other uncommon format, WordPress might throw the file type error.
6 ways to fix the error in WordPress
Below are six reliable ways to fix the “file type not permitted” error. Choose the method that best fits your skill level and site needs.
1. Enable unfiltered uploads via wp-config.php (quickest but risky)
If you want a fast fix and you’re the only person who manages the site, you can allow all file types temporarily.
- Connect to your website using FTP or your host’s file manager.
- Open the wp-config.php file in the root folder of your WordPress site.
- Add the following line just above /* That’s all, stop editing! */:
define(‘ALLOW_UNFILTERED_UPLOADS’, true); - Save the file and upload it back to the server if needed.
- Log out and back into WordPress to refresh your permissions.
Important: This setting only works for admin users, and it completely disables file type restrictions. It’s not recommended on multi-user sites or long term. Once you’re done uploading the file, remove the line to restore security.
2. Use the File Upload Types plugin (safe and beginner-friendly)
For a secure and beginner-friendly option, the File Upload Types plugin lets you whitelist specific file types without editing code.
- In your WordPress dashboard, go to Plugins > Add New.
- Search for File Upload Types by WPForms.
- Click Install Now and then Activate.
- Go to Settings > File Upload Types.
- Find your file type (like SVG or WebP) in the list and check the box.
- Click Save Settings.
Now you can upload that file type without triggering the error, and your site stays secure.
3. Modify functions.php to allow specific MIME types
If you’re comfortable adding a few lines of code, you can add support for specific file types directly in your theme’s functions.php file.
- In your WordPress dashboard, go to Appearance > Theme File Editor.
- Select your functions.php file from the list on the right.
- Add a filter like this to allow a new MIME type:
function allow_custom_mime_types($mimes) {
$mimes[‘svg’] = ‘image/svg+xml’;
return $mimes;
}
add_filter(‘upload_mimes’, ‘allow_custom_mime_types’); - Click Update File.
You can add multiple types by expanding the array:
$mimes[‘webp’] = ‘image/webp’;
$mimes[‘woff2’] = ‘font/woff2’;
Note: If your theme gets updated, this file might be overwritten. A safer long-term option is using a child theme or a custom plugin.
4. Use a custom plugin to manage MIME types
Instead of editing your theme, you can place the same code into a simple plugin that won’t be affected by theme updates.
- Open your site files using FTP or your host’s file manager.
- Go to /wp-content/plugins/ and create a new folder like custom-mime-types.
- Inside that folder, create a file named custom-mime-types.php.
- Paste this into the file:
<?php
/*
Plugin Name: Custom MIME Types
*/
function allow_custom_mime_types($mimes) {
$mimes[‘svg’] = ‘image/svg+xml’;
return $mimes;
} - add_filter(‘upload_mimes’, ‘allow_custom_mime_types’);Save and activate your plugin in the WordPress dashboard under Plugins.
This method makes your MIME type changes permanent and independent of your theme.
5. Temporarily disable security plugins
Some security plugins—like Wordfence, iThemes Security, or Sucuri—add extra restrictions on file uploads.
If nothing else is working:
- Go to Plugins > Installed Plugins.
- Temporarily deactivate your security plugin.
- Try uploading the file again.
- If it works, re-enable the plugin and check its settings for file type rules.
Look for options like “Upload File Restrictions” or “Disallowed File Types” and adjust them to suit your needs.
6. Check hosting-level restrictions
If none of the above options work, your hosting provider may be blocking the file type at the server level. This can happen with managed hosts or if your server uses strict MIME-type settings in Apache or NGINX.
In this case:
- Contact your host’s support team.
- Ask if they’re blocking uploads of a specific MIME type.
- Request an exception or help configuring your server settings.
How to securely enable SVG uploads (special case)
SVG files are unique because they’re code-based, which means they can contain malicious scripts if not sanitized.
To upload SVGs safely, use the Safe SVG plugin:
- Install and activate Safe SVG from the plugin directory.
- Once active, it will automatically sanitize all SVGs you upload.
- You can now upload SVG files from Media > Add New.
Alternatively, use an external tool like SVGOMG to clean up and sanitize your SVG files before uploading.
Should you enable all file types?
Not always. Allowing arbitrary file uploads can expose your site to major security risks, especially if you have multiple users.
Instead:
- Only allow the file types you really need.
- Sanitize graphic formats like SVG before upload.
- Use ZIP files or cloud storage links (like Dropbox or Google Drive) for unsupported or risky file types.
How to prevent this error in the future
A few habits can help you avoid this error going forward:
- Use common file formats (like JPG, PNG, PDF, or DOCX) when possible.
- Install a plugin like File Upload Types to control allowed file types proactively.
- Keep your WordPress core, themes, and plugins up to date to avoid bugs and MIME-type mismatches.
- Limit file upload access to trusted users to reduce security risks.
Getting started with fixing file upload errors in WordPress
This file upload error can be frustrating, but it’s usually easy to fix. Whether you’re uploading fonts, graphics, or app files, you’ve got a few safe options to allow them in WordPress.
Start with a plugin like File Upload Types or Safe SVG for the safest solution. If you’re comfortable with code, a simple functions.php snippet will also do the trick.
Ready to upgrade your WordPress experience? Professional hosting improves speeds, security, and reliability for a website and a brand that people find engaging and trustworthy.
Don’t want to deal with server management and maintenance? Our fully managed hosting for WordPress is the best in the industry. Our team are not only server IT experts, but WordPress hosting experts as well. Your server couldn’t be in better hands.
Click through below to explore all of our hosting for WordPress options, or chat with a WordPress expert right now to get answers and advice.
Additional resources
Diagnosing WordPress errors on your site →
Even more common errors, how to troubleshoot them, and how to solve them
Locked out of WordPress? Here’s how to fix it →
Locked out of WordPress? Discover common causes and step-by-step solutions to regain access.
What is managed WordPress hosting? →
What it means, what it includes, and how to decide if it’s right for you