How to Fix “Sorry, This File Type Is Not Permitted for Security Reasons” Error in WordPress

Do you see ‘Sorry, this file type is not permitted for security reasons’ error in WordPress?

While WordPress supports the uploading of a wide range of typical file types without issues, you might encounter an error if you attempt to upload a file type that is not compatible with the platform.

In this guide, we will show you how to easily fix ‘Sorry, this file type is not permitted for security reasons’ error in WordPress.

What Causes the “Sorry, This File Type Is Not Permitted for Security Reasons” Error?

You’ll encounter the error “Sorry, this file type is not permitted for security reasons” when you attempt to upload a file type that WordPress doesn’t support.

This error message may have popped up for you when you were adding a new file to your Media Library.

Due to security considerations, WordPress limits the file types you can upload through the WordPress admin panel. Allowed formats include common images, videos, documents, and audio files.

While you can upload files beyond these restrictions using FTP or your hosting provider’s file manager, these methods may not offer the same level of convenience as the integrated WordPress media library.

So let’s take a look at how to fix the “Sorry, this file type is not permitted for security reasons” error in WordPress.

• Check and fix file type extension spelling
• Allow new file types in WordPress with File Upload Types plugin
• Keeping your website secure when allowing additional file types

Check and Fix the File Type Extension Spelling

If you’re encountering an error while uploading a file type that you’ve successfully uploaded before, it’s possible you’ve misspelled the file extension.

File extensions are 3-4 letter suffixes that appear at the end of file names, indicating their format. For example, “holidayphoto.png” is an image file, where “holidayphoto” is the file name and “.png” is the extension.

These extensions are essential for programs and applications, including WordPress, to recognize file types. Here are the default file extensions allowed by WordPress:

Images: .png, .gif, .jpg, .jpeg, .ico
Documents: .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pps, .ppsx, .odt, .psd
Audio: .wav, .mp3, .m4a, .ogg
Video: .mp4, .m4v, .mpg, .mov, .wmv, .avi, .ogv, .3gp, .3g2

Tip: Although you can upload videos to WordPress, we always recommend uploading your videos to a video hosting site instead. This helps protect your website’s speed and performance.

When you get this error, the first thing we recommend is checking the file extension to make sure it is correct. Sometimes, you may accidentally delete a file name extension or mistype it while editing or saving a file on your computer.

On Windows 10, you can easily check file extensions. Simply open the folder that contains your file and click on the ‘View’ link at the top of the window. From here, you need to check the ‘File name extensions’ box.

After checking that box, you will now see the extension after file names.

Note: This will show the extension for all files on your computer, not just the ones in this folder.

Mac users can view file extensions by opening the Finder app and going to Finer » Preferences from the top menu.

This will bring up the Preferences popup where you need to click on the ‘Advanced’ tab and make sure that the box next to ‘Show all filename extensions’ option is checked.

Now that you can view the file name extensions, locate the file you were trying to upload and make sure it has the correct extension.

If the extension is incorrect, then you can simply right-click and select the ‘Rename’ option to change the file name and add the correct extension.

Allow New File Types in WordPress with the File Upload Types Plugin

If you are uploading a file type that is not supported by WordPress, then you can still upload it by adding it as a supported file type.

The File Upload Types plugin is the easiest way to fix the “Sorry, this file type is not permitted for security reasons” error. This was co-created by WPBeginner’s founder, Syed Balkhi.

To get started, begin by installing and activating the File Upload Types plugin. For clear instructions on this process, refer to our comprehensive guide on installing WordPress plugins.

Once the plugin is activated, navigate to the Settings » File Upload Types section within your WordPress admin area. There, you’ll find a search box where you can enter the specific file type you’d like to configure.

Next, check the box next to the file type(s) that you want to enable and click on the ‘Save Settings’ button at the bottom of the screen to store your changes.

Now, go ahead and return to the media library. You will be able to add your file(s) without getting an error message.

Keeping Your WordPress Site Secure When Permitting Additional File Types

WordPress blocks many file types as a crucial security measure for your website.

If you allow additional file types, it’s essential to implement the following security safeguards:

• Restrict file uploads for non-registered users: Implement a file upload form that limits them to specific, necessary file types.
• Utilize a WordPress security plugin: Continuously monitor your site for potential vulnerabilities.
• Schedule regular scans: Detect and address any malicious code that may have infiltrated your site.
• Implement file size restrictions: Prevent users from uploading large files that could harbor malware.
• Enable user activity logging: Maintain records of who uploaded which files, aiding in security audits and investigations.

By adhering to these measures, you can enhance your WordPress website’s security while enabling the file types you need.