How to Upload Additional File Types in WordPress

Being able to manage all the files we upload in WordPress in one place (the media library) is something very useful. Some say the media library could be improved—some requested features are still missing, like file tagging, sorting by topic or by file extension, or searching for duplicates—, but its usefulness is clear when reusing or sharing files between our contents without having to upload them more than once.

Maybe you didn’t know that, but WordPress only allows file uploading into the media library if such files meet certain conditions. Specifically, you can only upload the following file types by default in a standard WordPress installation:

Images
- .jpg
- .jpeg
- .png
- .gif
- .ico
Documents
- .pdf (Portable Document Format; Adobe Acrobat)
- .doc, .docx (Microsoft Word Document)
- .ppt, .pptx, .pps, .ppsx (Microsoft PowerPoint Presentation)
- .odt (OpenDocument Text Document)
- .xls, .xlsx (Microsoft Excel Document)
- .psd (Adobe Photoshop Document)
Audio
- .mp3
- .m4a
- .ogg
- .wav
Video
- .mp4, .m4v (MPEG-4)
- .mov (QuickTime)
- .wmv (Windows Media Video)
- .avi
- .mpg
- .ogv (Ogg)
- .3gp (3GPP)
- .3g2 (3GPP2)

However, it’s not always possible to upload all these file types—some hosting providers limit the set of valid file types and even the maximum file size you can upload in your installation. If you have problems uploading some permitted file types, contact your provider first to get an explanation.

When trying to upload a .SVG image in WordPress you get an error.

Recently we received a comment asking us how to expand the list by adding more file types. As surely there are more people interested in learning how to do this, in this post I explain the solution.

Modiying `wp-config.php`

If you do not want to limit the file types and thus upload any file into the media library, the easiest way to follow is to add the following line in the wp-config.php file:

define( 'ALLOW_UNFILTERED_UPLOADS', true );

The wp-config.php file allows us to modify the default behavior of WordPress. You’ll find it in the root of your server. Using the above statement we are allowing all administrators to upload any file type. Note that this can be dangerous if you do not trust too much your administrators and what they can do. Be careful when adding this statement or you might end up regretting your decision ?

Using the `upload_mimes` filter

If you want to solve the problem of uploading additional file types to WordPress, but being selective and only allowing a controlled subset of file types, the best you can do is use the upload_mimes filter. As always, you have all the information in the Codex.

This filter is super easy to use. You only need to add a piece of code similar to the following in the functions.php file of your theme or inside a new plugin of your own:

You can ignore the first line (<?php), which simply opens a block of PHP code. Line 2 indicates that the function my_mime_types will be executed with the upload_mimes filter. Lines 3 to 10 define this function. my_mime_types has one single parameter ($mime_types)—the list of allowed file types.

If you want to allow SVG and JSON files in the media library, just add lines 4 and 5, respectively. This is how it works: to add a new file type, you just have to create a new entry in the $mime_types list with the file extension and mime type. To find the proper mime type of an extension go to the official list of media types that the IANA (Internet Assigned Numbers Authority) defines.

On the other hand, you can also disable certain file types. You can prohibit the file types you want by simply unsetting their entries in the $mime_types array, as I did in lines 7 and 8, where I disabled Microsoft Excel file uploading.

Nelio A/B Testing

Native Tests for WordPress

Use your WordPress page editor to create variants and run powerful tests with just a few clicks. No coding skills required.

More Info

Summary

As you can see here, modifying the default behavior of WordPress to have greater control over the file types you allow in your installation is very simple. And best of all, you don’t need to install a complex plugin for this. With just a few lines of PHP code or even editing the wp-config.php file you’ll get what you want.

Now it’s your turn. Explain us which file types you miss in WordPress and your experience using the solutions I have proposed in this article.

Featured image by Andrew Pons.

41 responses to “How to Upload Additional File Types in WordPress”

Louise
August 22, 2017
Hi Antonio
I’ve tried both options, and I’m using Caldera forms for a getting quotes. However, with either option I still can’t add custom file types such as Photoshop (.psd), this is essential for the website, is there anything else I can try? Many thanks in advance for your help 🙂
Reply
1. Antonio Villegas
  August 23, 2017
  You should contact Caldera forms developers. Probably that plugin does not allow uploading Photoshop files and our solution does not work with it.
  Reply
Mike
April 29, 2018
What about file types other than those on the iana list, how does one enable their upload?
Mike
Reply
1. Antonio Villegas
  April 30, 2018
  Could you provide an example?
  Reply
Mike
April 30, 2018
Sure! I’ve made custom maps for civ5 and my friends want me to post them. So I’m trying to upload xyz.civ5map files and get the “Sorry, this file type is not permitted for security reasons” message at the upload media page. Adding
define( ‘ALLOW_UNFILTERED_UPLOADS’, true );
to wp-config.php did not solve the problem.
Mike
Reply
1. Antonio Villegas
  May 1, 2018
  I see. Did you try to investigate which is the media type of the file? On UNIX systems you can execute file --mime-type xyz.civ5map. Maybe that would tell you the media type of the file and then the process would work…
  Reply
  1. Mike
    May 2, 2018
    Antonio,
    That worked like a charm.
    Thanks,
    Mike
    Reply
    1. Antonio Villegas
      May 3, 2018
      Good to hear that!
      Reply
Nikolay
May 22, 2018
Hello Antonio,
I would like to post *.set files on my website
but after adding the above statement in the config file it still doesn’t work.
What else should I change?
Reply
1. Antonio Villegas
  May 22, 2018
  Do you know which is the mime type of these files?
  Reply
Mr Alexander
August 28, 2018
i believe that adding the config define( ‘ALLOW_UNFILTERED_UPLOADS’, true ); is a bad practice.
It is much better to do it on demand and only allow certain file types.
Reply
1. Antonio Villegas
  August 29, 2018
  That’s true. Just wanted to show all the different options you have here.
  Reply
Paul
September 26, 2018
Doesn’t work for me, I get this message:
Common.json
Sorry, this file type is not permitted for security reasons.
WP Version 4.9.8
Reply
1. Antonio Villegas
  September 26, 2018
  Maybe your hosting is blocking the file types. Try to contact them. Surely they’ll be able to help you.
  Reply
Szymon Wadowski
December 12, 2018
Hi Antonio.
Thanks for your article, i think it’s great 🙂 If we’re talking about programming i’am a at a very beginner stage. I need the classified theme for wordpress that would allow user to post ads with attachment other than standard (but save – for example .stl or .obj).
I’ve been trying to find the right place in the function.php of my theme to add your script. Do you think that modifying that line with “post_mime_type’ => ‘image’,” to script presented in your article would give some effect?
/*==========================
Prints the attached image with a link to the next attached image.
@return void
@since v 1.0
===========================*/
if ( ! function_exists( ‘theme_the_attached_image’ ) ) :
function theme_the_attached_image() {
$post = get_post();
$attachment_size = apply_filters( ‘theme_attachment_size’, array( 724, 724 ) );
$next_attachment_url = wp_get_attachment_url();
/**
* Grab the IDs of all the image attachments in a gallery so we can get the URL
* of the next adjacent image in a gallery, or the first image (if we’re
* looking at the last image in a gallery), or, in a gallery of one, just the
* link to that image file.
*/
$attachment_ids = get_posts( array(
‘post_parent’ => $post->post_parent,
‘fields’ => ‘ids’,
‘numberposts’ => -1,
‘post_status’ => ‘inherit’,
‘post_type’ => ‘attachment’,
‘post_mime_type’ => ‘image’,
‘order’ => ‘ASC’,
‘orderby’ => ‘menu_order ID’
) );
// If there is more than 1 attachment in a gallery…
if ( count( $attachment_ids ) > 1 ) {
foreach ( $attachment_ids as $attachment_id ) {
if ( $attachment_id == $post->ID ) {
$next_id = current( $attachment_ids );
break;
}
}
// get the URL of the next image attachment…
if ( $next_id )
$next_attachment_url = get_attachment_link( $next_id );
// or get the URL of the first image attachment.
else
$next_attachment_url = get_attachment_link( array_shift( $attachment_ids ) );
}
printf( ‘%3$s‘,
esc_url( $next_attachment_url ),
the_title_attribute( array( ‘echo’ => false ) ),
wp_get_attachment_image( $post->ID, $attachment_size )
);
}
endif;
Reply
Szymon
December 12, 2018
Hi Antonio.
It’s a great article. i would like to try to use it to solve my trouble but i’m not sure if i’m doing it right. I would like to set up some classified site on wordpress theme with possibility of adding listing with custom attachments like .stl or .obj. But all wordpress classified themes are not allowing those attachments (only images).
I’m trying to modify function.php of my theme and add there your function my_myme_types, do you thing i should paste it between this function below or as a seperate function?:
/*==========================
Insert attachments front end
===========================*/
function theme_insert_attachment($file_handler,$post_id,$setthumb=’false’) {
// check to make sure its a successful upload
if ($_FILES[$file_handler][‘error’] !== UPLOAD_ERR_OK) __return_false();
require_once(ABSPATH . “wp-admin” . ‘/includes/image.php’);
require_once(ABSPATH . “wp-admin” . ‘/includes/file.php’);
require_once(ABSPATH . “wp-admin” . ‘/includes/media.php’);
$attach_id = media_handle_upload( $file_handler, $post_id );
return $attach_id;
}
Reply
1. Antonio
  December 12, 2018
  Hi Szymon. Let’s start with the basics. You shouldn’t modify the code of your theme directly because any update of your theme will override the changes. You should try to work with a child theme instead. On the other side, the code of the function my_myme_types only allows you to be able to upload in the WordPress media library files with extensions (or mime-types) different from the common ones. You can use it for that purpose only. If what you want to do implies modifications of a WordPress theme (or the functionality behind it), you should contact to the theme author directly and ask him/her for help. That being said, I’m not able to fully understand what is the scenario you want to achieve nor how the theme works when allowing the loading of that .stl or .obj files. Unfortunately I’m not very helpful here.
  Reply
ckglobe
December 14, 2018
Ola Antonio,
I ran into the problem that customers suddenly were’nt able anymore to upload a file when ordering in the webshop as they did for years. I’ve checked everything there is to check for but no result. Now I hope the solution is applying the mime filter. But, does that mean that all the other allowed mime types by wordpress are rejected?
Hope to hear from you soon.
Reply
1. Antonio Villegas
  December 14, 2018
  Hi! You should check what has changed in your site. If everything worked fine before, maybe a plugin has been updated or even WordPress itself and now it caused the problem. Note that recently WordPress released the 5.0 version with lots of changes (including a new block editor). Things don’t go wrong without a reason. Something may have caused your issue. Anyway, about your question, if you add additional mime types through code, that won’t affect the current files supported by WordPress. You’re just adding more supported files.
  Reply
Grzegorz
March 5, 2019
HI
im uploading csv files. 2 MB goes fine, but for bigger files I got error “Sorry, This File Type Is Not Permitted For Security Reasons” PHP allows bigger files on another WP site. How to fix such problem?
Thanks
Greg
Reply
1. Antonio Villegas
  March 5, 2019
  Hi Grzegorz. If the problem is the file size, try to increase the allowed size in your WordPress installation. Your hosting provider may help you here. Just take a look at the instructions provided here as an example of what you can do.
  Reply
peter mumford
May 6, 2019
I can’t get JSON files to upload by any method except hacking wordpress core files. The filter does not work. I also tried this:
https://core.trac.wordpress.org/ticket/45633#comment:10
That does not work either..
Reply
1. Antonio Villegas
  May 7, 2019
  Hi Peter. What did you do and how did you do it? Anyway, try this plugin. Let us know if this work.
  Reply
Alex
May 13, 2019
Awesome, I personally prefer the mimes approach. Adding define( ‘ALLOW_UNFILTERED_UPLOADS’, true ); can be extremely dangerous in environments with lots of users.
Reply
1. Antonio Villegas
  May 14, 2019
  Thanks for the comment, Alex.
  Reply
Dan
July 15, 2019
I do get the security reasons error when trying to upload a .bin file.
Can you verify that the mime or wp-config.php will work in this case?
Reply
1. David Aguilera
  July 16, 2019
  As far as I know, the mime type you should use in a .bin file is application/octet-stream. Maybe this might solve your issue. If it doesn’t, get in touch with your hosting provider, as they might be limiting what you can upload to the server.
  Regards,
  David
  Reply
Jorn
July 28, 2019
did anyone try to allow .ai files?
I tried to allow the following filetypes:
$mime_types[‘psd’] = ‘image/vnd.adobe.photoshop’;
$mime_types[‘eps’] = ‘application/postscript’;
$mime_types[‘ai’] = ‘application/postscript’;
.psd and .eps are working now.
.ai does not work
Did I do anything wrong here?
Reply
1. Antonio Villegas
  July 29, 2019
  Did you try ‘application/vnd.adobe.illustrator’? Not sure if it will work, though.
  Reply
  1. Jorn
    November 19, 2019
    I tried it now but it didn’t work either. Any other ideas? 🙂
    Reply
    1. Antonio Villegas
      November 20, 2019
      Unfortunately, I cannot provide more support without taking a look at it directly. You should pass this question to your hosting provider. It may be the case there is some limitation there.
      Reply
2. Ayush koundal
  January 6, 2021
  try this
  function my_myme_types($mime_types){
  $mime_types[‘psd’] = ‘image/svg+xml’; //Adding svg extension
  $mime_types[‘ai’] = ‘image/vnd.adobe.photoshop’; //Adding photoshop files
  return $mime_types;
  }
  add_filter(‘upload_mimes’, ‘my_myme_types’, 1, 1);
  Reply
Frank Morrell
May 5, 2020
I have an image program that will convert image files to WEBP which is Google WebP
I could not upload the file. Error message not permitted for security reasons.
I called a tech at SiteGround he sent me this page. I added to the wp_config.php saved and have checked several times the line of code has been added.
define( ‘ALLOW_UNFILTERED_UPLOADS’, true );
but still can not upload a Google WebP.
I would like to use that format because the file sizes are smaller than Jpeg
Reply
1. David Aguilera
  May 6, 2020
  Hi Frank, thanks for getting in touch with us. I just gave it a shot and it does indeed work. However, you have to make sure you’re using single quotation marks and not the stylized versions (don’t copy paste them; type them directly with your keyboard instead).
  Reply
Andreson Toni
May 25, 2020
Great update thanks
Reply
Marius Torenga
June 15, 2020
Hi Antonio,
Thanks for this simple explanation how to doe it. Unfortunately I can’t get it working.
solution 1 has not made me able to upload .pbix or .pbit files
solutions 2 the same, but also don’t know where in the current functions.php I have to add these lines of code. Can you tell me more about that? I can share the code with you if needed.
Thanks in advance for your response!!
Kind regards,
Marius
Reply
1. Antonio Villegas
  June 16, 2020
  Hi Marius. Did you use the proper mime type? Try with ‘application/octet-stream’.
  Reply
ethel
September 5, 2020
HELLO, I tried to add .epub, so I added define( ‘ALLOW_UNFILTERED_UPLOADS’, true ) into wp_config but it didn’t work for me. Do you know why? regards
Reply
1. Antonio Villegas
  September 6, 2020
  Maybe your hosting is overwriting this value. Did you try the upload_mimes filter?
  Reply
gantsta
February 26, 2021
If this helps anyone, neither the ALLOW_UNFILTERED_UPLOADS constant or the ‘upload_mimes’ filter works if you are using WordPress Multisite where the list of allowed file types for your sub-sites are set within the ‘Network Admin’ -> ‘Settings’ page within WordPress. Obviously your WordPress user needs sufficient privs in order to be able to see this settings page.
Reply
1. Jhon
  August 23, 2021
  Thank you very much, it has been a great help to me!
  Reply