So, you just tried to upload a file to your WordPress website and, instead of successfully uploading, you received an error message that said, "Sorry, this file type is not permitted for security reasons."

Your first instinct might be to panic. Did you just almost upload a corrupted file to your site? Was it malware? Is your site compromised now?

Don't worry — while this message might seem ominous, it only means that WordPress does not support the file type you tried to upload. In this post, we'll examine what causes this error message and look at a few free and easy ways to resolve it.


For example, let's say I try to upload an AVIF file to WordPress. AVIF is an image format that stores compressed images. Although this format promises to be a game-changer in image compression, it's still relatively new and therefore not a popular file format.

WordPress does not support this file type. If I attempt to upload an AVIF file, I'll receive the "sorry, this file type is not permitted for security reasons" error. Here's how that error looks in the Gutenberg editor:

If you only upload file types that WordPress supports, you probably won't ever see this error message. Next, let's review what those file types are.

WordPress Allowed File Types

WordPress supports a wide range of file types, including the most common image, video, document, and audio formats. These file types are also known as Multipurpose Internet Mail Extensions, or MIME types. MIME types help browsers figure out what type of content has been uploaded to a web page.

If you upload a .jpeg file and a .png file, for instance, the browser uses their MIME types to determine that these are both image files. Similarly, if you upload a .mp3 or a .wav file, the MIME type signals to the browser that these are audio files.

WordPress supports uploading the following file types:

Images

  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico

Document

  • .pdf
  • .doc, .docx
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd

Audio

  • .mp3
  • .m4a
  • .ogg
  • .wav

Video

  • .mp4, .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2

Note that you can upload HTML files to WordPress in addition to the files listed above. Also, we don't recommend uploading videos directly to your WordPress media library, since they use up significant storage and can slow down your website. Instead, opt for a video hosting service to store your videos.

These file types are all quite common. However, you may want to upload a file type that's not on this list. Or, you may be trying to upload one of these permitted file types and still get the "sorry, this file type is not permitted for security reasons" error message.

In either case, there are steps you can take to avoid this error message.

1. Check your file type extension.

Before you start changing your WordPress settings or files, check the extension of the file you're trying to upload. Maybe you accidentally changed the extension when saving the file. Then, the reason you're seeing the error message is not a problem with your wp-config.php or functions.php file — it's that you're trying to upload an image in a video format.

In the example below, I tried to upload a .jpg file as an .avi file and got the error message as a result.


This is an easy first step: If the file name extension is incorrect, then you can fix it and upload the file in the correct format. If it is correct, move on to the next step.

2. Change your multisite network settings.

If you are running a multisite installation — a network of sites that all share the same WordPress installation core files — then you can easily add more allowed file types.

To add a file type, click Settings > Network Settings in your dashboard, then scroll down to Upload Settings. In the input field next to Upload file types, add the extension for the file type you want to upload. Then, save your changes.

Adding allowed file types in upload settings of WordPress multisite installation

Users on any site in your network will now be permitted to upload all the file types listed here.

If you are running a single-site WordPress installation, you won't have this option in your settings. You'll need to try one of the steps below.

3. Edit your wp-config.php file to upload any file type.

If you want to permit any and all file types to be uploaded to your site, you simply need to add one line of code to your wp-config.php file.

It's relatively simple to do this, but as a best practice, you should always make a backup of your wp-config.php file before editing. Even a minor error in the file can make your site inaccessible.

Once you've made a copy of your wp-config.php file, follow the steps below to permit any file type upload.

  • Access File Manager via your hosting control panel.
  • Open your public_html folder.
  • Locate and right-click the wp-config.php file, then choose Edit.
  • Scroll to the bottom of the file.
  • At the end of the file, you'll see the line: /* That's all, stop editing! Happy blogging. */. Above this line, paste the following code:
                                          

define('ALLOW_UNFILTERED_UPLOADS', true);

  • Save your changes to the file.
  • Log out of WordPress, then sign back in. You should now be allowed to upload any file type.
  • Save your changes. You should now be allowed to upload the new file types.

This is a relatively easy solution, but not ideal for every website. If multiple users are uploading files on your WordPress site, for example, you may want to specify which file types are permitted. In that case, keep reading.

4. Edit your theme's functions.php file to change permitted file types.

If you want to allow only certain file types to be uploaded to your site, you can use the upload_mimes filter. Here's how:

  • Access File Manager via your hosting control panel.
  • Open your wp-content folder.
  • Open your themes folder.
  • Locate and right-click the functions.php file, then choose Edit.
  • Scroll to the bottom of the file and paste the following code:
                                          

function my_custom_mime_types( $mimes ) {
    // New allowed mime types.
    $mimes['svg']  = 'image/svg+xml';
    $mimes['svgz'] = 'image/svg+xml';
    return $mimes;
}
// The callback name must match the function defined above.
add_filter( 'upload_mimes', 'my_custom_mime_types' );

Note that the code above allows SVG and SVGZ files. You can change or add MIME types to this code snippet depending on what file types you want to upload.

While advanced users won't have a problem adding code to their functions.php or wp-config.php files, beginners might. In that case, you can use a WordPress plugin as well.

5. Install a plugin to add more permitted file types.

If you'd prefer not to edit your wp-config.php or functions.php files directly, then you can use a plugin to add permitted file types on your website.

WP Add Mime Types and File Upload Types by WPForms are two such plugins. While both are free from the official WordPress directory and highly rated, the File Upload Types plugin is more beginner-friendly. Follow these steps to use it:

  • Install and activate the File Upload Types by WPForms plugin.
  • Under Settings, click File Upload Types.
  • Check the boxes next to the file types you want to upload. The list is pretty long, but you can search for your extension using the search bar in the top right. If your extension isn't on the list, you can add your own custom file type at the bottom.
  • When finished, click Save Settings. You should now be allowed to upload the new file types.

Adding more permitted file types using File Upload Types by WPForms plugin

6. Contact your hosting provider.

If you've tried all the steps above and are still getting an error message, then contact your WordPress hosting provider support team and describe your issue.

It's possible that your provider has stricter limits on the file types you can upload than WordPress has by default. In that case, the steps above won't resolve the "sorry, this file type is not permitted for security reasons" error, but your provider's customer support likely can.

Securing Your File Uploads

Even though there are ways to get around the "sorry, this file type is not permitted for security reasons" error, that doesn't mean you should ignore the security issues that WordPress sites can experience. WordPress restricts the file types you can upload because allowing any file type would make it easier for bots and hackers to place malware on your site.

That's why we recommend specifying which file types you want to allow so as to not open your website to any type of file, and consider preventing users with lower roles from uploading files to your site.
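One way to apply the recommendation above, as an added example rather than code from the original post: extend the allowed types only for administrators and remove upload rights from a lower role. The `example_` names, the extra-type list and the choice of the Author role are assumptions; SVG is limited to administrators here because an SVG file is XML that can carry script.

```php
<?php
/**
 * Added example (not from the original post). Names prefixed "example_"
 * are hypothetical. Place in a small site-specific plugin or the active
 * theme's functions.php, and leave ALLOW_UNFILTERED_UPLOADS undefined so
 * the allow-list below is actually enforced.
 */

// Extensions this site accepts beyond the WordPress defaults (assumed list).
const EXAMPLE_EXTRA_MIMES = array(
    'svg'  => 'image/svg+xml',
    'avif' => 'image/avif',
);

/**
 * Extend the allow-list only for administrators; everyone else keeps the
 * WordPress defaults. The upload_mimes filter passes the user being checked
 * as a second argument (null means the current user).
 */
function example_restricted_mime_types( $mimes, $user = null ) {
    $is_admin = $user
        ? user_can( $user, 'manage_options' )
        : current_user_can( 'manage_options' );

    if ( $is_admin ) {
        $mimes = array_merge( $mimes, EXAMPLE_EXTRA_MIMES );
    }
    return $mimes;
}
add_filter( 'upload_mimes', 'example_restricted_mime_types', 10, 2 );

/**
 * Remove the upload capability from the Author role. Role changes are
 * stored in the database, so run this once (for example from a plugin
 * activation hook) rather than on every request.
 */
function example_remove_author_uploads() {
    $role = get_role( 'author' );
    if ( $role && $role->has_cap( 'upload_files' ) ) {
        $role->remove_cap( 'upload_files' );
    }
}
```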

Additionally, only upload plugin and theme files downloaded from legitimate sources, as these files are some of the most common causes of compromised WordPress sites. And, conduct regular malware scans for harmful code that may have found its way in via an upload.

For more ways to protect your site from hacking attempts, see our full guide to WordPress security.

Uploading File Types in WordPress

A "sorry, this file type is not permitted for security reasons" error can be frustrating for site admins and users. The good news is that the steps above can either resolve the error or allow you to control which file types you're able to upload — without compromising the security of your WordPress site.

Editor's note: This post was originally published in January 2021 and has been updated for comprehensiveness.


Originally published Oct 5, 2021 7:00:00 AM, updated October 05 2021