wordpress, blogging, blogger

How to Fix ‘Sorry, This File Type Is Not Permitted for Security Reasons’ Error

If you’re a WordPress user, you may have encountered the frustrating message

 Sorry, this file type is not permitted for security reasons WordPress.

This error message often pops up when you try to upload or modify certain file types on your WordPress website. In this comprehensive guide, we’ll delve into the reasons behind this error and provide you with solutions to overcome it. Whether you’re a beginner or an experienced WordPress user, this article will help you navigate through this security restriction and keep your website running smoothly.

Contents show

Understanding the Error

The “Sorry, this file type is not permitted for security reasons WordPress” error message appears when you attempt to upload or modify a file on your WordPress website that falls under the list of restricted file types. WordPress has implemented this security measure to protect your website from potential threats and vulnerabilities. By preventing the upload of certain file types, WordPress ensures that your website remains secure and less prone to malicious activities.

Reasons Behind the Security Restriction

WordPress is one of the most popular content management systems globally, and its popularity makes it an attractive target for hackers and spammers. By restricting specific file types, WordPress can mitigate the risks associated with potentially harmful files. This security restriction prevents attackers from exploiting vulnerabilities in files such as executable scripts or dangerous file formats.

Common Mime Types Restricted by WordPress Security

WordPress restricts several file types by default to maintain the security of your website. Some of the most common file types restricted by WordPress include:

  • .exe (executable files)
  • .php (PHP files)
  • .sh (Shell script files)
  • .bat (Batch files)
  • .cmd (Command files)
  • .msi (Windows Installer files)
  • .cpl (Control Panel files)
  • .dll (Dynamic Link Library files)
  • .py (Python files)
  • .cgi (Common Gateway Interface files)

Common Mime Types Usage

Mime consists of a file extension and type. When adding an allowed file type to WordPress, both need to be used. 

txt text/plain: Plain text file
html text/html: HTML document
json application/json: JSON data format
pdf application/pdf: Adobe Portable Document Format (PDF)
jpeg image/jpeg: JPEG image file
png image/png: PNG image file
mp3 audio/mpeg: MP3 audio file
wav audio/wav: WAV audio file
mp4 video/mp4: MP4 video file
mpeg video/mpeg: MPEG video file
doc application/msword: Microsoft Word document
xls application/vnd.ms-excel: Microsoft Excel spreadsheet
zip application/zip: ZIP archive
rar application/x-rar-compressed: RAR archive
tar application/x-tar: TAR archive
gzip application/x-gzip: GZIP compressed file
xml application/xml: XML document

Overcoming the File Type Restriction

If you encounter the “Sorry, this file type is not permitted for security reasons WordPress” error and need to upload or modify a file that is restricted, there are several ways to overcome this limitation. Let’s explore a few effective solutions:

Using SFTP

When WordPress doesn’t allow a file to be uploaded, the most immediate and secure way to successfully upload the file is to use SFTP. Since the file upload will not pass through WordPress, it cannot be blocked.

Using a Code Snippet

For our example, we’ll be adding gzip file extensions as a registered mime in WordPress, allowing it to be uploaded. 

function add_custom_mime_types($mimes) {
    $mimes['gzip'] = 'application/gzip';
    return $mimes;
}
add_filter('mime_types', 'add_custom_mime_types');

Use a Plugin to Allow Additional File Types

One of the easiest ways to bypass the WordPress file type restriction is by using a plugin. Numerous plugins are available in the WordPress plugin repository that allows you to upload additional file types without compromising the security of your website. Simply search for a suitable plugin, install it on your WordPress site, and configure it according to your requirements.

FAQs

Why does WordPress restrict certain file types?

WordPress restricts certain file types to enhance website security and minimize the risk of potential vulnerabilities. Restricting file types like executables or scripts helps prevent attackers from uploading malicious files to your site.

Can I fix this error with wp-config.php?

No, when using ALLOW_UNFILTERED_UPLOADS in wp-config.php, you are completely disabling the security WordPress has in place for file uploads, making your site easier to attack.

How can I determine which file types are allowed on my WordPress site?

You can find the list of permitted file types in your WordPress installation by navigating to “Settings” > “Media” in your WordPress dashboard. The allowed file types are listed under the “Uploading Files” section.

Are there any security risks associated with allowing all file types in WordPress?

Yes, allowing all file types in WordPress can potentially increase security risks. Certain file types, such as executable scripts or files with known vulnerabilities, can be exploited by attackers to compromise your website. It is crucial to strike a balance between convenience and security when allowing file uploads.

Can I seek professional help to resolve this issue?

If you’re unsure about making changes to your WordPress files or need assistance in resolving the “Sorry, this file type is not permitted for security reasons WordPress” error, it is advisable to seek professional help. Hiring a WordPress developer or contacting WordPress support can provide you with expert guidance tailored to your specific situation.

Conclusion

Encountering the “Sorry, this file type is not permitted for security reasons WordPress” error can be frustrating, but it serves as a necessary security measure to protect your website from potential threats. By understanding the reasons behind the file type restriction and exploring the solutions provided in this guide, you can successfully overcome this error and continue managing your WordPress site efficiently.

Remember to exercise caution when modifying config files or allowing additional file types, as security should always be a top priority. Only add the ability to upload file types that you absolutely need, leaving the other default protections in place.

Related posts:

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trending now

photo of bulb artwork
The Importance of Regularly Updating Your WordPress Plugins and Themes for Better Security
woman in black sweater using macbook pro
How to Backup a WordPress site: A Comprehensive Guide
hacking, cyber, blackandwhite
Advanced Malware Removal with WP CLI
blue clouds under white sky
Kinsta – Modern Hosting for Sites and Apps