Fix Error ‘Sorry, this file type is not permitted for security reasons’ on WordPress [Updated]

Did you get this WordPress error “Sorry this file type is not permitted for security reasons” while uploading any files in the Media Library on WordPress website? 

Don’t worry while you are getting this error. Because most of the time these files are blocked due to the security issues in WordPress website. Even at the earlier stages of mine, I got the same type of error while I wanted to try uploading .xml, .svg, .otf, .ttf files on my website.

So, here I am going to guide you – How to fix “Sorry, this file type is not permitted for security reasons.

Solution for “sorry this file type is not permitted for security reasons”

I have found the following solution for avoiding this type of error. These are listed below:

#1 Using a WordPress Plugin

As we know WordPress is an Open-source CMS platform where the user can easily upload media files, documents on their WordPress website. But there is some Unsupported files format which WordPress doesn’t allow to upload due to breach security of your website. 

Sorry this file type is not permitted for security reasons

But using a simple Free WordPress plugin, you are able to upload any kind of MIME file on your website. 

The following plugins can easily fix this File type error in WordPress.

But I am using the Extra file type WordPress plugin to resolve this file type error in WordPress.

You can Install that plugin Login into WordPress Dashboard > Plugin > Add New Plugin and search for Extra File type and  Now install that plugin.

Installing wp extra file types

What will be the next step:

  • Now go the Settings > Extra File type.

Extra file type change file type error

  • Select what file type you want to enable.
  • Now save the changes.

If you want to add custom file types, you can easily add Custom File Type putting Description, File Extension and MIME-type.

Add custom File type

Boom! You are now able to upload the file. But remember one thing: Never select all the file formats, it will affect your website and it will be easily accessible for hackers to hack your website.

#2 Editing WP-Config.php file in the WordPress installation directory 

The wp-config.php file is the most important configuration file for your website. To allow the certain file types in a website, you have to edit some piece of code in your wp-config.php file.

  • For finding the wp-config.php in WordPress, you have to login your CPanel or Hosting Panel then open File manager > Public_html and you will find wp-config.php.
  • Open wp-config.php and paste the following code above the line that says “That’s all, Stop Editing, Happy Publishing”.

Now save that file and done! You are now able to upload your files.

#3 Modify theme’s function.php file – without using a plugin.

If you are not comfortable with editing wp-config.php file, the next option you should try. You can add some Filters in your WordPress theme which is super easy if you don’t want to use any kind of plugin to resolve this error without using any plugin.

Actually, this works as a filter in your theme’s directory. Suppose you want to add .xml file format but you are not able to upload that file type due to the security issue.

Suggested Article: 36+ Best Free WordPress Blogging theme in 2020 [Expert’s Collection]

Using these steps you can find theme’s function.php:-

  • Method-1: Open your themes folder from CPanel Dashboard > File manager > Public_html > wp-content > uploads > themes > [theme_name] > function.php
  • Method-2: Open WordPress Dashboard > appearance > theme editor and go to the right side of the screen and click on Function.php file

Editing Theme's function.php

You have to just find out the MIME  file type according to your file extension. [for my case it was .xml] you can go through MIME Complete File list and change according to your MIME file type.

Now paste the following code:

// Add this to the functions.php file of your WordPress theme
// It filters the mime types using the upload_mimes filter hook
// Add as many keys/values to the $mimes Array as needed

function my_custom_upload_mimes($mimes = array()) {

// Add a key and value for the CSV file type
$mimes['csv'] = "text/csv";

return $mimes;

add_action('upload_mimes', 'my_custom_upload_mimes');


Now you can replace XML file types to your required MIMES types.

#4 Allowed file types in multi-site WordPress website

If you are using a Multi-site WordPress website, you can add file types easily. For adding file extension in your website, Login to your Multi-site network panel and go to the Network Admin Area > Settings > Upload Setting.

In the Upload settings area, there is a section called “upload file types”. Now add the extension which you want to add and it will reflect all the associate websites under that Network Panel.

#5 Contact Hosting Provider

After applying the above steps for resolving the issue “Sorry this file type is not permitted for security reasons.” you should contact your web hosting provider because most of the time some files aren’t allowed for uploading your website due to some security policies. 

Ask your hosting provider for giving the permission of a particular file type in your website and you can easily upload those file types without using any plugin or code. 


Due to some security issues and safety for your website, most of the files types aren’t allowed for uploading at a default state. As WordPress is an open-source platform and they are trying to provide security for your website. 

As a default state, the common file types such as .png, .jpeg, .mp4, .mp3, .docs etc. But .xml, .svg, .otf, .woff that file types aren’t allowed at a default state and you will get that kind of error “Sorry this file type is not permitted for security reasons.

And I’m sure after reading this article, you will be able to fix your website. If you are facing any kind of issue or if you want to thank me, leave a comment and I will be the happiest person on the Planet.

I am Somnath an Entrepreneur, Blogger and Proud to be Founder of I love to share blogging tips, WordPress guidance to my audience. I'll happy if you get some helpful article from my blog.

2 thoughts on “Fix Error ‘Sorry, this file type is not permitted for security reasons’ on WordPress [Updated]”

Leave a Comment