WordPress resource site for WordPress Beginners with easy to understand WordPress tutorials for mastering the basics and beyond.

WordPress Guide

WordPress Guide

Sorry this file type is not permitted for security reasons. wordpress

How to Fix the sorry this file type is not permitted for security reasons. wordpress

By editing your site’s wp-config.php file

  • Add New Permitted File Types Using wp-config.php
  • Login via FTP/cPanel
  • Your site’s wp-config.php file is located in the root folder, which is the same folder that has the wp-admin and wp-includes folders.
  • Right-click to edit the file
  • Add the following code snippet above the /* That’s all, stop editing! Happy blogging. */ line:
  • define('ALLOW_UNFILTERED_UPLOADS', true);
  • Make sure to save your changes

By using a free WordPress plugin

Use the Free WP Extra File Types Plugin

  • Once you install and activate the plugin
  • Go to Settings → Extra File Types in your WordPress dashboard.
  • You’ll see a lengthy list of file types.
  • Check the box next to the file type(s) that you want to be able to upload
  • Then click Save Changes at the bottom

By default, the file types that you can upload are:


  • .jpg
  • .jpeg
  • .png
  • .gif
  • .ico


  • .mp4
  • .m4v
  • .mov
  • .wmv
  • .avi
  • .mpg
  • .ogv
  • .3gp
  • .3g2


  • .pdf
  • .doc
  • .ppt, .pptx, .pps, .ppsx
  • .odt
  • .xls, .xlsx
  • .psd


  • .mp3
  • .m4a
  • .ogg
  • .wav

If you’re trying to upload a file type that’s not on the list above, you’re likely going to run into the “Sorry, this file type is not permitted for security reasons” error. Or, you’ll also see it as “[filename] has failed to upload”.

Are you trying to upload a file on WordPress and keep getting the ‘Sorry, This File Type Is Not Permitted for Security Reasons’ error?

Typically you get this in a couple of situations. If you have done a fresh install and your file permissions are out of whack and you can’t update your plugins and you can’t access your theme files or really do anything to manage your WordPress site.

And then the other time is if you’ve been hacked. Fixing file permissions is a quick way to resolve common issues. Especially if you get a 403 forbidden error. You’re gonna need a couple of details. You’re first gonna need your file, a FTP manager. In this case FileZilla is what I’ll be showing you how to use and you’re gonna need your FTP credentials.

You’re gonna have to get those from your host. Ultimately it comes down to your host’s implementation to get you what you need. You’re gonna end up adding some host information, a username, a password and then the port number, which is typically 22.

Which is 22 for secure and 21 is for insecure. To resolve the most common issues you’re going to need to do really just a couple of things. It’s not particularly difficult, but you have to be very careful with what we’re about to do. So the first thing is if you’re trying to fix your folder permissions.

Folders have a different permission set than files in WordPress. Folders have a permission value of 755, while a individual file will have permissions of 644. These are pretty secure. If you wanted to stop a file from being written over at all, you could set it to something like 600, which would prevent you from writing it and this is commonly done for the wp-config.php file and the .htaccess file.

I will show you how to do that for those files individually, but what we’re gonna do now is show you just how to fix the permission error. So what you’re gonna do is you’re gonna select these three folders and we’re gonna fix the folder permissions first.

Then you’re gonna click, right click, and you’re gonna hit file permissions. For file permissions you’re going to want to make sure that they’re set to 755, which is like this, or if you’re on Cloudways, you may needed to be set to 775. After you pick your ideal configuration, you click recurse into subdirectories and then you click apply to directories only.

Do not do the first option or else this will also overwrite all file permissions within those subfolders and if you’ve done that you’re going to have a lot of problems. But the second step should help you alleviate tht. After you selected this, you just need to click OK and depending on how large your WordPress site is, it will go through and run through and update all their permissions.

Sometimes it can take like 20 to 30 minutes depening on how fast your host is. I’m not going to go ahead and click ok because this is just a demonstration, but you need to do so now. After we’ve done the folder permissions, we now need to go ahead and fix the file permissions.

So the easiest thing that we can do is first let’s select these, these bunches of files. So everything from .htccess, all the way down to the very last file, which is XMLRPC.php. The folder should always be up top, typically with most file managers, so you shouldn’t run into too many issues.

Then you can just gonna go ahead and you’re going to click file permissions and again the common one is 644 for most WordPress websites. Certain hosts may require you to have a little bit of a more liberal write policy, but 644 is typically ideal. If you’re curious 644 is sometimes needed under certain hosting conditions.

Then what you’re gonna do is, you’re just gonna select all of them, like we just did, you’re gonna click file permissions again, you’re gonna click 644 and you’re gonna click OK and it’s only gonna change these files. Now we’re gonna go ahead and do it for the rest of your WordPress files.

So what you’re gonna have to do now is go back up to your directory. You’re gonna right click on these. After we’ve already fixed the folder structures, we’re gonna want ahead and set them to 644. So we’re going to just execute and then oops sorry and execute now it’s 644.

You’re gonna click recurse into subdirectories and click apply to files only. After you do this, it’ll run through. This one’s going to take substantially larger. I do recommend you get up and get yourself a cup of coffee because it will take a while. You’ll click OK and it’ll go through and write through all of your files.

This should solve most permission issues. This should allow you to update your plugins if you haven’t been able to. It should restore access to the plugin and theme editor, which while I don’t recommend leaving them enabled from a security point of view, if you weren’t able to access it, this was probably why.

And it’s just gonna resolve a lot of common issues and then as I had mentioned in certain configurations you may need to extend your write permissions to apply to groups. In which case, you would do 664.

This is a server config. For most of you, you don’t have to worry about this, but for those of you who do, you’re gonna have to set it to you you’re gonna have to set to 664. Most of you though, should just use 644. You’ll click OK and it will go through and update all your permissions.

Sorry this file type is not permitted for security reasons. wordpress Solution Complete.