WordPress file type is not permitted for security reasons

This article explain little bit about uploading files to WordPress and its error when WordPress don’t allow some file types. WordPress by default allow users to upload following file types



.pdf (Portable Document Format; Adobe Acrobat)
.doc, .docx (Microsoft Word Document)
.ppt, .pptx, .pps, .ppsx (Microsoft PowerPoint Presentation)
.odt (OpenDocument Text Document)
.xls, .xlsx (Microsoft Excel Document)


.mp4, .m4v (MPEG-4)
.mov (QuickTime)
.wmv (Windows Media Video)
.ogv (Ogg)
.3gp (3GPP)
.3g2 (3GPP2)


WordPress will show security warning like this, “Sorry, this file type is not permitted for security reasons.” when we try to upload other file formats. This security warning also show when some web hosts are not permitted above file formats to be uploaded

The easiest way to override this restriction is by adding following to wp-config.php, this constant all all file types to be uploaded to WordPress


You could use following function to allow specific file types

add_filter('upload_mimes', 'pixert_upload_types');
function pixert_upload_types($existing_mimes=array()){
$existing_mimes['flv'] = 'video/x-flv';
$existing_mimes['mid'] = 'audio/midi';
return $existing_mimes;

If you have set file types you could add new file types to Upload Settings in WordPress Multisite/Network, this setting allow sub-domain to upload new file types

Go to WP-Admin > My Sites > Network Admin > Settings > Upload Settings, add mp4 to Upload file types (jpg jpeg png gif mp3 mov avi wmv midi mid pdf mp4 ) (32MB)


6 responses to “WordPress file type is not permitted for security reasons”

  1. It is a relief

  2. Just what I was looking for – thanks for providing such clear instructions. Much appreciated.

  3. J.R. Noble Avatar
    J.R. Noble

    I don’t have multiple websites. Where can I locate this file so I can make the changes to the file extension permissions? Can I find the settings in the CPanel or in the WordPress dashboard?

  4. This solution appears particularly reckless, as it leaves the website open to a code injection attack. I haven’t tested it, but it sure doesn’t look very promising!

    1. Alok Kumar Singh Avatar
      Alok Kumar Singh


  5. theladyslounge Avatar

    I don’t have “upload settings” in my settings…

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: