Sorry, this file type is not permitted for security reasons.

Uploading files outside of WordPress default allowed files will give you the error message “Sorry, this file type is not permitted for security reasons.”. This is a security feature done by WordPress to avoid vulnerabilities from being uploaded.

There is a quick fix: Adding the line below to your wp-config.php file will allow files outside of WordPress defaults to be uploaded. In a standard WordPress installation, your wp-config.php file will be located in this path ~/public/wp-config.php. The wp-config.php file can be edited after logging into your site using either SFTP or SSH. Note that this may break functionality on your site depending on what you are adding. As a security measure, you should also remove the define() rule after you have uploaded your files in WordPress.

define( 'ALLOW_UNFILTERED_UPLOADS', true );

An example of this being added in the wp-config.php file. The define rule is added after the $table_prefix and before /* That's all, stop editing! Happy publishing. */:

Published

September 20, 2021

Stian Nilsen

Latest

Security

Sorry, this file type is not permitted for security reasons.

Latest

What are WordPress Salts, and how to change them

How to Replace all Plugins After a Hack

How to protect your website from a DDoS Attack

How to blacklist/whitelist IP’s on your website

How to turn on/off SFTP/SSH access in an Environment

Multi-Factor Authentication (MFA) emails from Cloudflare

Additional security to outgoing email

How to add Security Headers to your site

Do you offer multi-factor authentication on your Control Panel?