Fix “Sorry, This File Type is Not Permitted For Security Reasons” Error
Wouldn’t it be great if you could work on your WordPress site without disruption?
Unfortunately, WordPress users are bound to face issues and errors every now and then. One such common error is failing to upload a file.
When this happens WordPress throws errors like:
- sorry, this file type is not permitted for security reasons
- sorry, this file type is not permitted for security reasons.svg
- woocommerce sorry, this file type is not permitted for security reasons
- terminat.ttf sorry, this file type is not permitted for security reasons
We are all too familiar with this message. We’ve helped numerous websites fix this issue and get back to growing their business.
In this article, we’ll walk you through:
- Why are you experiencing this error?
- How to fix it without opening yourself to security risks?
TL;DR: To remove upload restrictions and upload any types of files and folders on your website, install WP Extra File Types or File Manager. That said, we don’t recommend removing restrictions because it makes it easy for hackers to break into your website. For a better fix, check out this section.
Disabling File Restriction To Allow All Types Of Uploads is Very Risky
You get the “Sorry, This File Type is Not Permitted For Security Reasons” error when you are trying to upload a file (image, audio, or video) which is not supported by WordPress (more on this, in this section below).
However, you can bypass this restriction by using a plugin or manually inserting a piece of code into your WordPress site.
- Inserting spammy Japanese keywords which will ruin your site’s SEO
- Creating pages on your site so that they can sell illegal drugs in what we call the pharma hack
- Redirect your visitors to malicious websites so that they generate revenue by duping your visitors, among other things.
This is why WordPress restricts the type of files you can upload in a WordPress site.
That said, hacks are not the end of the world. You can detect and clean them quite easily by installing MalCare Security. But it’s best to avoid getting hacked in the first place.
Therefore, we highly recommend a fix that does not involve removing WordPress’ restriction. It’ll take a while for you to implement such a fix. So if you are in a hurry, you can remove the file type restriction temporarily.
We’ll show you how to implement both the fixes in the next section.
How to Fix The “Sorry, This File Type is Not Permitted For Security Reasons” Error
There are 2 ways to fix this problem:
- Permanent and safe fix
- Temporary and high-risk fix
We recommend the safe fix but if you are in a hurry, you can go for the temporary fix. Please ensure that you come back and implement the permanent fix later to prevent your site from getting hacked.
The Permanent Fix (Recommended)
- If you started experiencing the error after updating the WordPress core or a plugin, it’s possible that the problem is not with your file type. It’s the result of a bug found on your core or plugin. You can ask for help from WordPress forums or plugin developers.
- But if the error started appearing after moving to a managed hosting provider like Cloudways, reach out to your hosting support team.
- If it’s really the file type that’s causing the error, why not convert the file type to something that WordPress supports? Here’s a list of file types supported by WordPress. Or you can run a Google search to find online converters that don’t reduce the quality of your file.
That said, it’ll take a while to implement the solutions that we listed above.
Temporary Fix With a Plugin or Manually Method (Very Risky)
Before we show to bypass WordPress restrictions, take a complete backup of your WordPress Website. There is a good possibility that things can go wrong. When it does, you can quickly restore your site back to normal.
Alternately, you can stage a site and try the fixes on that site first. That way, if things do go wrong, your live website won’t be affected. Here’s a guide you can use to create a staging site.
To bypass the restrictions of WordPress, install plugins like WP Extra File Types or File Manager on your site. They offer you a range of file types. All you need to do is choose the file types you want to upload on your site.
If you don’t want to add more and more plugins into your site, you can remove the restrictions manually.
Open your hosting account and go to cPanel > File Manager.
Find the wp-config.php file and edit it.
Now drop the following code into the file:
You need to place the code right above the /* That’s all, stop editing! Happy blogging. */ line.
Pro Tip: If you have a multisite, you don’t need to add a new plugin nor do you need to edit your WordPress file. Just go to Network Admin > Settings > Network Settings. In the Upload Settings section, you’ll find the Upload file types. Just insert an extension for the file type you want to upload.
What If The Fix Fails For “Sorry, This File Type Is Not Permitted”?
If the fix did not work, try clearing your cache and then upload. It’s possible that you are seeing the error because of cache.
Still seeing the error? This happens when the file format is not causing the error.
File types like SWF and EXE are hard-banned which means tweaking the multisite setting or installing a plugin may not work.
The only way to overcome the restriction is by uploading the file via FTP.
All media files are stored in your Upload folder. Using an FTP software like Filezilla, you can upload the file into the Uploads folder.
- Download and install Filezilla into your computer.
- Open the software and enter your FTP details at the top of the window. You can find your FTP credentials with the help of this guide and video.
- The panel called Remote site will populate with the files and folder of your website. You should find a public_html folder in that panel. Expand that folder.
- Inside the public_html folder, go to wp-content > Uploads. The contents of the Uploads folder will appear right below the panel.
- The audio or video or image file that you want to upload to the website. Move it to the downloads folder on your local computer.
Now back to Filezilla…on Filezilla, there is a panel called Local site. Inside this panel, you’ll find a folder called Downloads. That’ll give you access to everything present in the Downloads folder of your computer. You need to move the file from Downloads to the Uploads folder.
- First, click on the Uploads. Then right-click on the file in the Downloads folder that you want to upload into your site by selecting Upload.
- Now go to your WordPress dashboard. And go to the Media > Library.
You should be able to see the file on your WordPress website.
That’s all folks.
Getting Error On File Formats Supported By WordPress
This happens due to bugs present on one of the plugins or themes installed on your site.
We have experienced this error in plugins that work with images like slider plugins, plugins that integrate maps into site, plugins that help you manage images, etc.
We suggest that you find out which plugin is causing the issue and disable it or find an alternative. To identify the plugin that is causing the porblem checkout this Guide on Troubleshooting Plugins Problems.
Before proceeding, we suggest that you carry out the process on a staging site. Disabling plugins can break some of the functions of your website. To prevent that from happening you need to use a staging site.
- If you have recently installed a new plugin, disable it and then try uploading the file. Didn’t work?
- Start disabling the plugins one by one. Everytime you disable the plugin, upload your file. When to stop seeing the error, you’d know which plugin was causing the error.
- If you need the plugin, then we suggest finding an alternative.
- Unable to find the culprit? Then try disabling the themes. When that fails, try reinstalling the core.
When all fails, you can reach out to your hosting provider for help.
What is Causing The Error
You will come across a “Sorry, This File Type Is Not Permitted for Security Reasons” error when trying to upload a file that is not supported by WordPress.
WordPress supported files are as follows:
If you are trying to upload any file types other than the ones listed above, you will see the error.
Files allowed by WordPress are not executable.
What is an executable file? It’s a file that you can command to carry out certain functions on your WordPress site.
Files like pdf, mp3, jpeg, mp3 cannot be commanded to carry out any function. This means it cannot be corrupted.
Files not supported by WordPress like .exe, .woff, etc are executable. They can be corrupted and uploaded into your website. It can give hackers access to your site. Hence, WordPress restricts the types of files one can upload.
If you want to look at all the file types allowed on your website, open the functions.php file –
Congratulations on fixing the issue.
It can be really annoying to not be able to upload files. It causes disruptions and delays albeit for good reasons.
We already spoke about why bypassing the file restrictions is not a good security practice.
But sometimes you just have to do it.
In that case, we suggest keeping a watch over your website. Install a WordPress security plugin like MalCare so that it can scan your site on a daily basis. If there’s a hack, the plugin will detect it and even help you clean your site. As a bonus, you also get protection against malicious traffic and brute force attacks.
Install MalCare Security Service Right Now
Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.