“Sorry, this file type is not permitted for security reasons”.

Uploading files outside of WordPress default allowed files will give you the error message “Sorry, this file type is not permitted for security reasons.”. This is a security feature done by WordPress to avoid vulnerabilities from being uploaded.

There is a quick fix: Adding the line below to your wp-config.php file will allow files outside of WordPress defaults to be uploaded. In a standard WordPress installation, your wp-config.php file will be located in this path ~/public/wp-config.php. The wp-config.php file can be edited after logging into your site using either SFTP or SSH. Note that this may break functionality on your site depending on what you are adding. As a security measure, you should also remove the define() rule after you have uploaded your files in WordPress.


An example of this being added in the wp-config.php file. The define rule is added after the $table_prefix and before /* That's all, stop editing! Happy publishing. */: