In the security patch for WordPress 4.7.1 which was released in January 2017, a change to the way WordPress checks the file “MIME type” for uploads was made, which may cause an error on uploads for some file types (specifically non-image files).
Some users, especially those using custom plugins to add additional file types to the ones WordPress allows by default found here may experience an error when uploading:
“filename” has failed to upload.
Sorry, this file type is not permitted for security reasons.
There are a couple ways to fix this error:
- Add this line to the
wp-config.phpfile, which allows the non-image uploads for administrators only:
define( 'ALLOW_UNFILTERED_UPLOADS', true );
- Use a plugin that restores this ability, like this one: https://wordpress.org/plugins/disable-real-mime-check/
- Upload the files using SFTP instead
NOTE: Do NOT downgrade WordPress to fix this issue. Security patches for earlier versions of WordPress also contain this change. Downgrading will only weaken your site’s security and will not correct the error.