How to Fix “Sorry, This File Type Is Not Permitted for Security Reasons” Error in WordPress (7 Easy Methods)

Are you encountering the error message “Sorry, this file type is not permitted for security reasons” when trying to upload to your WordPress Media Library?

Or perhaps you’ve seen “{filename} has failed to upload”?

This error appears when WordPress blocks file uploads that don’t match its list of supported types. The good news? You can resolve this issue by adjusting your settings to allow additional file formats.

And in this blog, I’ll tell you just that. We’ll take a look at a couple of simple methods to resolve the “Sorry, this file type is not permitted for security reasons” error in WordPress.

Let’s get started…

What Causes the “Sorry, this file type is not permitted for security reasons” Error Message?

WordPress restricts uploads by default to protect against security risks from executable or unknown files. If you attempt to upload an unsupported file, you’ll see this error:

“Sorry, this file type is not permitted for security reasons.”

Or, if you’re using the latest version of WordPress:

“Sorry, you are not allowed to upload this file type.”

By default, the file types that you can upload in WordPress are:

Category	File Extensions
Images	.jpg, .jpeg, .png, .gif, .ico, .bmp, .svg, .tiff
Documents	.pdf, .doc, .docx, .ppt, .pptx, .pps, .ppsx, .odt, .xls, .xlsx, .csv, .psd, .rtf
Audio	.mp3, .m4a, .ogg, .wav, .flac, .aac
Video	.mp4, .m4v, .mov, .wmv, .avi, .mpg, .ogv, .3gp, .3g2, .webm

Typically, unsupported file formats like .tff or .woff (e.g., custom font files) commonly trigger this error. Although you can resolve this issue by modifying MIME types, there is an alternative method, which is to upload files through FTP or your WordPress hosting provider’s file manager.

That said, these methods can be less convenient than using the built-in WordPress media library.

Okay, so…how do you solve this problem?

Let’s find out…

Fastest Hosting for WordPress – Just $11/Month!

Upload and manage files hassle-free with Cloudways’ optimized LAMP + NGINX stack. Enjoy high-speed performance without compromising security.”

Try For Free

How to Fix the “Sorry, This File Type Is Not Permitted for Security Reasons” Error? (7 Easy Methods)

When this error pops up, I usually start by adding a quick snippet to the wp-config.php file. It’s nothing complicated, especially if you’re comfortable with a bit of file editing. But if you’re not into that, WordPress plugins work just as well and save you the trouble of getting into the code.

I also double-check the file extension spelling—sometimes, the issue is just a small typo. If you’re uploading SVG files, you can enable support for such file types using a plugin like WPCode, which lets you add the necessary code without editing files manually.

Before doing anything, I always recommend backing up your site. With Cloudways, you can create automated backups, on-demand backups, and even scheduled backups, making sure your site is always safe.

Now that I’ve gone over how I usually fix this issue, let’s take a closer look at all the different ways you can solve it yourself. You can also check out how to fix 500 internal server error or 404 error on WordPress.

1. Add a Code Snippet to wp-config.php

To allow all file types to be uploaded to your site, you’ll need to add a simple line of code to your wp-config.php file. This file holds important information about your site’s database, so be cautious when making changes—incorrect file uploads, whether accidental or malicious, can pose a risk.

Start by connecting to your server through SSH and locating the wp-config.php file in the public_html directory (or webroot).

Since I’m using Cloudways, I can use the built-in SSH terminal from the Cloudways dashboard.

Once you’ve accessed the file, add the following code snippet just above the line that says “/* That’s all, stop editing. Happy blogging. */”:

define(‘ALLOW_UNFILTERED_UPLOADS’, true);

This will enable unrestricted file uploads, but make sure you only use this if you’re confident about the security of the files being uploaded.

If you’re using an Apache server, you can modify your .htaccess file to allow all traffic on your site:

• Access your server files via FTP or SFTP. I’ll use FileZilla.
• Navigate to the public_html directory.
• Locate the .htaccess file (make sure hidden files are visible).
• Download the .htaccess file to your local machine and open it in a text editor.
• Add the following code to the file to allow all file types:

<IfModule mod_mime.c>

AddType application/octet-stream .*

</IfModule>

• This line tells the server to allow all file types to be uploaded to your WordPress site.
• If you want to restrictive and only allow certain file types, you can define them specifically in the .htaccess file. For example:

<IfModule mod_mime.c>

AddType application/octet-stream .jpg .png .pdf .svg

</IfModule>

• Save the file and upload it back to the public_html directory, replacing the existing .htaccess file.

2. Use a WordPress Plugin

If you’d rather not deal with editing the wp-config.php file, there are several WordPress plugins that allow you to upload prohibited file types with ease.

Keep in mind that third-party plugins can sometimes interfere with your site’s functionality, so always use them cautiously.

For this, we’ll use the WP Extra File Types plugin, which is free and available in the WordPress plugin repository.

Here’s how to use it:

• First, install and activate the plugin from the WordPress admin dashboard.

• After activation, go to Settings > Extra File Types.
• On the settings page, you’ll see a list of file types you can allow for upload. Simply select the ones you want to enable.

• Don’t forget to click Save Changes to apply your selections.

• If you need to add a custom file type, there’s an option at the bottom of the page for that as well.

If you’re running a WordPress multisite, it’s pretty straightforward to allow additional file types without needing plugins or any coding.

Here’s how you can do it:

• Head to Settings in your WordPress admin panel.
• Then, click on Network Settings.

• Scroll down to the Upload Settings section, and under Upload File Types, just add the file extensions you want to allow.

• Don’t forget to hit Save Changes when you’re done.

This is an easy way to adjust your file upload settings directly within WordPress.

3. Check File Extension Spelling

Sometimes, you may encounter the “file type not permitted” error even if you’ve uploaded similar files before. The most common cause is a misspelled file extension.

A file extension is the short suffix (usually three or four letters) that identifies a file type. For example, .jpg, .jpeg, .pdf, .doc, .docx, .ppt, .pptx, etc. These extensions help WordPress recognize what type of file you’re uploading.

I’ve covered a table of file types that WordPress accepts earlier in this blog. Feel free to check that out for a quick refresher.

If you’re getting an upload error, verify that the file extension is spelled correctly. Even a minor typo can prevent WordPress from accepting the upload.

On Windows, you can view the file extension like so:

1. Open the folder with your file.
2. Click the ‘View’ tab > Show.
3. Check the box for ‘File name extensions’.

You’ll now see extensions displayed with file names.

And on Mac:

1. Open Finder, then click ‘Finder’ > ‘Settings’ (or ‘Preferences’) from the top menu.
2. Go to the ‘Advanced’ tab.
3. Ensure ‘Show all filename extensions’ is checked.

Once extensions are visible, confirm that the file has the proper extension. For example, if the file is named document.doccx, rename it to document.docx by right-clicking and selecting ‘Rename’.

Fully Managed Hosting for WordPress That Autoscales

Manage your WordPress site with ease on Cloudways Autonomous. Get fast, secure hosting that scales with your traffic—all without any setup headaches.

Try Today

4. Increase the File Upload Limit

WordPress restricts file uploads based on predefined size limits. If you’re trying to upload a permitted file type but still seeing the “Sorry, this file type is not permitted for security reasons” error, it might be due to the file exceeding the allowed upload size. Increasing the maximum file upload limit can help resolve this issue.

Here’s how you can do it:

1. Update the .htaccess File (For Apache Servers)

If your site is running on Apache, you can modify the .htaccess file to allow larger uploads:

Connect to your server via FTP and navigate to your WordPress root directory.

Open .htaccess and add these lines before # BEGIN WordPress:

php_value upload_max_filesize 64M

php_value post_max_size 128M

php_value memory_limit 256M

php_value max_execution_time 300

php_value max_input_time 300

Save and upload the file back to your server.

2. Modify functions.php (For NGINX Servers)

NGINX servers do not use .htaccess, so you’ll need to edit your theme’s functions.php file instead:

Go to Appearance > Theme File Editor in your WordPress dashboard.

Open the functions.php file and add:

@ini_set( 'upload_max_size' , '64M' );

@ini_set( 'post_max_size', '128M' );

@ini_set( 'max_execution_time', '300' );

Save the file. (Note: This change applies only to the current theme.)

3. Edit php.ini (Direct Server Configuration)

If you have direct access to your server’s PHP configuration, you can modify the php.ini file:

Connect to your server via FTP or SSH and locate php.ini in the root directory.

If the file isn’t there, create a new one and add:

upload_max_filesize = 64M

post_max_size = 128M

memory_limit = 256M

Finally, save and upload it back to your server.

For more detailed methods to increase the file upload limit in WordPress, check out this detailed guide.

5. Enable SVG Support Using a Plugin

If you’re encountering the “Sorry, you are not allowed to upload this file type” error when trying to upload an SVG file, it’s because WordPress doesn’t allow SVGs by default due to security concerns.

However, you can enable SVG support safely using a plugin.

One simple way to do this is by installing the Safe SVG  plugin:

1. Go to Plugins » Add New in your WordPress dashboard.
2. Search for Safe SVG, install, and activate the plugin.
3. Once activated, you can upload SVG files without restrictions.

Another method is using WPCode to enable SVG uploads via a pre-configured code snippet:

• Just go to Code Snippets > Add Snippet in your WordPress admin panel.

• Search for ‘SVG’ and hover over Allow SVG Files Upload when it appears.
• Click Use Snippet to proceed.

• On the next page, WPCode will pre-configure the necessary settings. Simply switch the snippet to Active and click Update.

Using either option, you’ll be able to upload SVG files without WordPress blocking them.

6. Modify MIME Types in .htaccess

Another way to allow more file types in WordPress is by modifying the MIME types in your .htaccess file. This forces WordPress to recognize and permit specific file extensions.

Here’s how you can do this:

• Locate the .htaccess file in your WordPress root directory using an FTP client like FileZilla or open cPanel’s File Manager.

• If the file is hidden, enable Show Hidden Files in your settings.

• Add MIME Type Rules. Open the .htaccess file in a text editor and insert the following lines at the end:

AddType image/svg+xml .svg

AddType application/octet-stream .zip

AddType application/pdf .pdf

AddType application/msword .doc

• This example allows uploads for SVG, ZIP, PDF, and DOC files. You can modify the list based on your requirements.
• After editing the file, save and upload it back.
• Lastly, clear your WordPress cache and browser cache, then try uploading the file again.

7. Update WordPress and Plugins

WordPress regularly improves security measures, including file handling rules. If you’re on an older version, certain file types may be restricted unnecessarily.

Similarly, some plugins—especially security or media management ones—can enforce stricter rules that get adjusted in newer updates.

Here’s how to update WordPress, themes, and plugins:

Update WordPress Core

Head to Dashboard > Updates and check if a new version is available. Click Update Now to install it.

Update Themes and Plugins

• Navigate to Appearance > Themes and update your active theme if needed.
• Go to Plugins > Installed Plugins and check for updates, especially for security-related plugins that might be affecting file uploads.

You can also update plugins and themes via WP CLI commands. To do this, you’ll need to access SSH access to your server.

You can access the SSH terminal directly from the Cloudways platform without needing third-party tools like PuTTY or the built-in terminal on Linux or macOS.

You will need the following to connect to your server or application using SSH.

• Master username or Application username.
• Password

Since I’m using Cloudways, I’ll launch the SSH terminal directly from the platform.

To update all the plugins once at a time, run the following command.

wp plugin update --all

To update all themes, run the following command:

wp theme update --all

Automate WordPress Updates with SafeUpdates

As you can see, manually updating everything can be time-consuming. Missing an update can lead to unnecessary upload restrictions. That’s where Cloudways SafeUpdates comes in. It automatically updates your WordPress core, themes, and plugins while ensuring your site remains stable.

Update WordPress Core, Themes & Plugins Seamlessly With SafeUpdates

SafeUpdates automatically updates your core, plugins, and themes, reducing security risks that can trigger the “Sorry, This File Type Is Not Permitted for Security Reasons” error.

Learn More

Conclusion

I hope this guide helped you resolve the ‘Sorry, this file type is not permitted for security reasons’ error in WordPress.

Whether you adjusted your wp-config.php file, used a plugin, checked your file extension, or tried another method from this guide, these solutions should help fix the file type upload error.

Note: Always back up your site before making changes to avoid any issues.

If you frequently face upload restrictions, consider optimizing your hosting—Cloudways offers secure, high-performance hosting with easy file management to keep your WordPress site running smoothly.