MIME Types in WordPress
WordPress restricts both file types and MIME types, with additional types being added through code changes. In this article we explain what MIME types are, which MIME types WordPress allows to be uploaded, which MIME types WordPress recognizes, and how to add more MIME types if needed.
We’ll also explain why you may receive a security error when uploading an image, such as “Sorry, this file type is not permitted for security reasons” and how to fix this error.
About MIME Types
MIME stands for Multipurpose Internet Mail Extensions. MIME types are used by browsers and other internet devices to determine the type of content associated with a page. For instance, if you have a .png file and a .jpeg file on the page, the browser would know by their MIME types to treat both files as images rather than videos or some other file types.
By default, WordPress has a list of registered MIME types stored in wp-includes/functions.php that any developer can call using wp_get_allowed_mime_types(). These are the file types recognized by WordPress. However, not all recognized MIME types are allowed to be uploaded through the WordPress Admin Dashboard. To see only the types that WordPress allows to be uploaded, you can use the upload_mimes filter.
If you attempt to upload a file whose MIME type or file type is not supported by WordPress, you will get the error “Sorry, this file type is not permitted for security reasons.” Skip ahead to learn how to fix this error.
Allowed WordPress MIME Types
Just because WordPress identifies a specific MIME type does not mean that the file type can be uploaded in your WordPress Admin Dashboard. WordPress restricts the file types that can be uploaded to the ones listed below.
Below is a list of the various file types that you can upload to WordPress, and the corresponding MIME types. These file types will upload without any security warnings in your wp-admin dashboard.
| File Extension | MIME Type |
|---|---|
| .ppt | application/mspowerpoint, application/powerpoint, application/vnd.ms-powerpoint, application/x-mspowerpoint |
| .xls | application/excel, application/vnd.ms-excel, application/x-excel, application/x-msexcel |
| .mp3 | audio/mpeg3, audio/x-mpeg-3, video/mpeg, video/x-mpeg |
| .avi | application/x-troff-msvideo, video/avi, video/msvideo, video/x-msvideo |
Not Allowed WordPress MIME Types
The wp_get_allowed_mime_types() function will give you a list of the MIME types that WordPress recognizes but does not allow to be uploaded. Below we’ll go over the MIME types that are not allowed to be uploaded in the wp-admin, but that WordPress still recognizes.
When uploading a file using one of the following extensions you will see the security warning “Sorry, this file type is not permitted for security reasons.” Skip to this section to learn how to resolve the error.
|File Extension||MIME Type|
Additional File Types
If you need to use other file types with WordPress beyond what it identifies already, it is simplest to use a plugin to extend this function, for example WP Add Mime Types. Doing this is most often necessary with file types that are not images. Common examples include .epub or .mobi files from eBooks.
If you need a complete reference of which MIME types exist, see this comprehensive list.
If you’re still having issues, another potential solution is to add the following to your wp-config.php file. This allows uploading of non-image file types just for administrator-level users.
define( 'ALLOW_UNFILTERED_UPLOADS', true );
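A narrower alternative to the blanket constant, shown as an added example (not code from the original article or from WordPress itself): a small must-use plugin that hooks the upload_mimes filter mentioned earlier and adds only .epub and .mobi, and only for users holding a given capability. The file location, the function and constant names, and the choice of the manage_options capability are assumptions.

```php
<?php
/**
 * Plugin Name: Scoped extra upload types (added example)
 *
 * Assumptions: this file lives in wp-content/mu-plugins/, and the
 * extension list and the 'manage_options' capability are illustrative.
 */

// Extension => MIME type pairs to allow beyond the WordPress defaults.
const EXAMPLE_EXTRA_UPLOAD_MIMES = array(
    'epub' => 'application/epub+zip',
    'mobi' => 'application/x-mobipocket-ebook',
);

add_filter( 'upload_mimes', 'example_scoped_upload_mimes', 10, 2 );

/**
 * Extend the allowed upload types for privileged users only.
 *
 * @param array            $mimes Allowed MIME types keyed by extension.
 * @param int|WP_User|null $user  User being checked, or null for the current user.
 * @return array Filtered list of allowed MIME types.
 */
function example_scoped_upload_mimes( $mimes, $user = null ) {
    // Resolve whose permissions apply to this upload.
    $allowed = ( null === $user )
        ? current_user_can( 'manage_options' )
        : user_can( $user, 'manage_options' );

    if ( ! $allowed ) {
        return $mimes; // Everyone else keeps the default list.
    }

    foreach ( EXAMPLE_EXTRA_UPLOAD_MIMES as $ext => $mime ) {
        // Never overwrite a mapping WordPress or another plugin already set.
        if ( ! isset( $mimes[ $ext ] ) ) {
            $mimes[ $ext ] = $mime;
        }
    }

    return $mimes;
}
```

WordPress still compares the uploaded file's detected content type with its extension, so a file whose real type differs from the mapped one can still be rejected.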
Non-Image File Upload Error
The security patch for WordPress 4.7.1, released in January 2017, changed the way WordPress checks the file “MIME type” for uploads, which may cause a security error on uploads for some file types (specifically non-image files).
Some users, especially those using custom plugins to add additional file types to the ones WordPress allows by default (found here), may experience this error when uploading to the wp-admin:
“filename” has failed to upload.
Sorry, this file type is not permitted for security reasons.
This security error is most often seen with files using the extensions .docx, .ppt, .svg, .xlsm and .ai, but may display for many more file types. If you’ve just started seeing this warning you may be wondering how to fix this error. There are a couple of different ways to resolve the issue:
- Add the following line to the wp-config.php file. This will allow non-image uploads for administrators only:
- Use a plugin that restores this ability, such as WP Add MIME Types
- Upload the file that is returning the error using SFTP instead
NOTE: Do NOT downgrade WordPress to fix this issue. Security patches for earlier versions of WordPress also contain this change. Downgrading will only weaken your site’s security and will not correct the error.