Files in WordPress

Being able to manage all the files we upload in WordPress in one place (the media library) is something very useful. Some say the media library could be improved—some requested features are still missing, like file tagging, sorting by topic or by file extension, or searching for duplicates—, but its usefulness is clear when reusing or sharing files between our contents without having to upload them more than once.

Maybe you didn’t know that, but WordPress only allows file uploading into the media library if such files meet certain conditions. Specifically, you can only upload the following file types by default in a standard WordPress installation:

  • Images
    • .jpg
    • .jpeg
    • .png
    • .gif
    • .ico
  • Documents
    • .pdf (Portable Document Format; Adobe Acrobat)
    • .doc, .docx (Microsoft Word Document)
    • .ppt, .pptx, .pps, .ppsx (Microsoft PowerPoint Presentation)
    • .odt (OpenDocument Text Document)
    • .xls, .xlsx (Microsoft Excel Document)
    • .psd (Adobe Photoshop Document)
  • Audio
    • .mp3
    • .m4a
    • .ogg
    • .wav
  • Video
    • .mp4, .m4v (MPEG-4)
    • .mov (QuickTime)
    • .wmv (Windows Media Video)
    • .avi
    • .mpg
    • .ogv (Ogg)
    • .3gp (3GPP)
    • .3g2 (3GPP2)

However, it’s not always possible to upload all these file types—some hosting providers limit the set of valid file types and even the maximum file size you can upload in your installation. If you have problems uploading some permitted file types, contact your provider first to get an explanation.

When trying to upload a .SVG image in WordPress you get an error.
When trying to upload a .SVG image in WordPress you get an error.

Recently we received a comment asking us how to expand the list by adding more file types. As surely there are more people interested in learning how to do this, in this post I explain the solution.

Modiying wp-config.php

If you do not want to limit the file types and thus upload any file into the media library, the easiest way to follow is to add the following line in the wp-config.php file:


The wp-config.php file allows us to modify the default behavior of WordPress. You’ll find it in the root of your server. Using the above statement we are allowing all administrators to upload any file type. Note that this can be dangerous if you do not trust too much your administrators and what they can do. Be careful when adding this statement or you might end up regretting your decision ?

Using the upload_mimes filter

If you want to solve the problem of uploading additional file types to WordPress, but being selective and only allowing a controlled subset of file types, the best you can do is use the upload_mimes filter. As always, you have all the information in the Codex.

This filter is super easy to use. You only need to add a piece of code similar to the following in the functions.php file of your theme or inside a new plugin of your own:

You can ignore the first line (<?php), which simply opens a block of PHP code. Line 2 indicates that the function my_mime_types will be executed with the upload_mimes filter. Lines 3 to 10 define this function. my_mime_types has one single parameter ($mime_types)—the list of allowed file types.

If you want to allow SVG and JSON files in the media library, just add lines 4 and 5, respectively. This is how it works: to add a new file type, you just have to create a new entry in the $mime_types list with the file extension and mime type. To find the proper mime type of an extension go to the official list of media types that the IANA (Internet Assigned Numbers Authority) defines.

On the other hand, you can also disable certain file types. You can prohibit the file types you want by simply unsetting their entries in the $mime_types array, as I did in lines 7 and 8, where I disabled Microsoft Excel file uploading.

Nelio Unlocker

Switch to WordPress safely while keeping your design and content

Improve your SEO today and boost your site speed by converting your pages into HTML, CSS, and WordPress standards. With zero technical knowledge required, you’ll only pay for what you need.


As you can see here, modifying the default behavior of WordPress to have greater control over the file types you allow in your installation is very simple. And best of all, you don’t need to install a complex plugin for this. With just a few lines of PHP code or even editing the wp-config.php file you’ll get what you want.

Now it’s your turn. Explain us which file types you miss in WordPress and your experience using the solutions I have proposed in this article.

Featured image by Andrew Pons.

41 responses to “How to Upload Additional File Types in WordPress”

  1. Louise Avatar

    Hi Antonio

    I’ve tried both options, and I’m using Caldera forms for a getting quotes. However, with either option I still can’t add custom file types such as Photoshop (.psd), this is essential for the website, is there anything else I can try? Many thanks in advance for your help :)

    1. Antonio Villegas Avatar

      You should contact Caldera forms developers. Probably that plugin does not allow uploading Photoshop files and our solution does not work with it.

  2. Mike Avatar

    What about file types other than those on the iana list, how does one enable their upload?


    1. Antonio Villegas Avatar

      Could you provide an example?

  3. Mike Avatar

    Sure! I’ve made custom maps for civ5 and my friends want me to post them. So I’m trying to upload xyz.civ5map files and get the “Sorry, this file type is not permitted for security reasons” message at the upload media page. Adding
    define( ‘ALLOW_UNFILTERED_UPLOADS’, true );
    to wp-config.php did not solve the problem.


    1. Antonio Villegas Avatar

      I see. Did you try to investigate which is the media type of the file? On UNIX systems you can execute file --mime-type xyz.civ5map. Maybe that would tell you the media type of the file and then the process would work…

      1. Mike Avatar


        That worked like a charm.



  4. Nikolay Avatar

    Hello Antonio,
    I would like to post *.set files on my website
    but after adding the above statement in the config file it still doesn’t work.
    What else should I change?

    1. Antonio Villegas Avatar

      Do you know which is the mime type of these files?

  5. Mr Alexander Avatar

    i believe that adding the config define( ‘ALLOW_UNFILTERED_UPLOADS’, true ); is a bad practice.

    It is much better to do it on demand and only allow certain file types.

    1. Antonio Villegas Avatar

      That’s true. Just wanted to show all the different options you have here.

  6. Paul Avatar

    Doesn’t work for me, I get this message:

    Sorry, this file type is not permitted for security reasons.

    WP Version 4.9.8

    1. Antonio Villegas Avatar

      Maybe your hosting is blocking the file types. Try to contact them. Surely they’ll be able to help you.

  7. Szymon Wadowski Avatar
    Szymon Wadowski

    Hi Antonio.

    Thanks for your article, i think it’s great :) If we’re talking about programming i’am a at a very beginner stage. I need the classified theme for wordpress that would allow user to post ads with attachment other than standard (but save – for example .stl or .obj).

    I’ve been trying to find the right place in the function.php of my theme to add your script. Do you think that modifying that line with “post_mime_type’ => ‘image’,” to script presented in your article would give some effect?

    Prints the attached image with a link to the next attached image.
    @return void
    @since v 1.0
    if ( ! function_exists( ‘theme_the_attached_image’ ) ) :
    function theme_the_attached_image() {
    $post = get_post();
    $attachment_size = apply_filters( ‘theme_attachment_size’, array( 724, 724 ) );
    $next_attachment_url = wp_get_attachment_url();

    * Grab the IDs of all the image attachments in a gallery so we can get the URL
    * of the next adjacent image in a gallery, or the first image (if we’re
    * looking at the last image in a gallery), or, in a gallery of one, just the
    * link to that image file.
    $attachment_ids = get_posts( array(
    ‘post_parent’ => $post->post_parent,
    ‘fields’ => ‘ids’,
    ‘numberposts’ => -1,
    ‘post_status’ => ‘inherit’,
    ‘post_type’ => ‘attachment’,
    ‘post_mime_type’ => ‘image’,
    ‘order’ => ‘ASC’,
    ‘orderby’ => ‘menu_order ID’
    ) );

    // If there is more than 1 attachment in a gallery…
    if ( count( $attachment_ids ) > 1 ) {
    foreach ( $attachment_ids as $attachment_id ) {
    if ( $attachment_id == $post->ID ) {
    $next_id = current( $attachment_ids );

    // get the URL of the next image attachment…
    if ( $next_id )
    $next_attachment_url = get_attachment_link( $next_id );

    // or get the URL of the first image attachment.
    $next_attachment_url = get_attachment_link( array_shift( $attachment_ids ) );

    printf( ‘%3$s‘,
    esc_url( $next_attachment_url ),
    the_title_attribute( array( ‘echo’ => false ) ),
    wp_get_attachment_image( $post->ID, $attachment_size )

  8. Szymon Avatar

    Hi Antonio.

    It’s a great article. i would like to try to use it to solve my trouble but i’m not sure if i’m doing it right. I would like to set up some classified site on wordpress theme with possibility of adding listing with custom attachments like .stl or .obj. But all wordpress classified themes are not allowing those attachments (only images).

    I’m trying to modify function.php of my theme and add there your function my_myme_types, do you thing i should paste it between this function below or as a seperate function?:

    Insert attachments front end
    function theme_insert_attachment($file_handler,$post_id,$setthumb=’false’) {

    // check to make sure its a successful upload
    if ($_FILES[$file_handler][‘error’] !== UPLOAD_ERR_OK) __return_false();

    require_once(ABSPATH . “wp-admin” . ‘/includes/image.php’);
    require_once(ABSPATH . “wp-admin” . ‘/includes/file.php’);
    require_once(ABSPATH . “wp-admin” . ‘/includes/media.php’);

    $attach_id = media_handle_upload( $file_handler, $post_id );

    return $attach_id;

    1. Antonio Avatar

      Hi Szymon. Let’s start with the basics. You shouldn’t modify the code of your theme directly because any update of your theme will override the changes. You should try to work with a child theme instead. On the other side, the code of the function my_myme_types only allows you to be able to upload in the WordPress media library files with extensions (or mime-types) different from the common ones. You can use it for that purpose only. If what you want to do implies modifications of a WordPress theme (or the functionality behind it), you should contact to the theme author directly and ask him/her for help. That being said, I’m not able to fully understand what is the scenario you want to achieve nor how the theme works when allowing the loading of that .stl or .obj files. Unfortunately I’m not very helpful here.

  9. ckglobe Avatar

    Ola Antonio,

    I ran into the problem that customers suddenly were’nt able anymore to upload a file when ordering in the webshop as they did for years. I’ve checked everything there is to check for but no result. Now I hope the solution is applying the mime filter. But, does that mean that all the other allowed mime types by wordpress are rejected?

    Hope to hear from you soon.

    1. Antonio Villegas Avatar

      Hi! You should check what has changed in your site. If everything worked fine before, maybe a plugin has been updated or even WordPress itself and now it caused the problem. Note that recently WordPress released the 5.0 version with lots of changes (including a new block editor). Things don’t go wrong without a reason. Something may have caused your issue. Anyway, about your question, if you add additional mime types through code, that won’t affect the current files supported by WordPress. You’re just adding more supported files.

  10. Grzegorz Avatar

    im uploading csv files. 2 MB goes fine, but for bigger files I got error “Sorry, This File Type Is Not Permitted For Security Reasons” PHP allows bigger files on another WP site. How to fix such problem?

    1. Antonio Villegas Avatar

      Hi Grzegorz. If the problem is the file size, try to increase the allowed size in your WordPress installation. Your hosting provider may help you here. Just take a look at the instructions provided here as an example of what you can do.

  11. peter mumford Avatar

    I can’t get JSON files to upload by any method except hacking wordpress core files. The filter does not work. I also tried this:

    That does not work either..

    1. Antonio Villegas Avatar

      Hi Peter. What did you do and how did you do it? Anyway, try this plugin. Let us know if this work.

  12. Alex Avatar

    Awesome, I personally prefer the mimes approach. Adding define( ‘ALLOW_UNFILTERED_UPLOADS’, true ); can be extremely dangerous in environments with lots of users.

    1. Antonio Villegas Avatar

      Thanks for the comment, Alex.

  13. Dan Avatar

    I do get the security reasons error when trying to upload a .bin file.

    Can you verify that the mime or wp-config.php will work in this case?

    1. David Aguilera Avatar

      As far as I know, the mime type you should use in a .bin file is application/octet-stream. Maybe this might solve your issue. If it doesn’t, get in touch with your hosting provider, as they might be limiting what you can upload to the server.


  14. Jorn Avatar

    did anyone try to allow .ai files?

    I tried to allow the following filetypes:

    $mime_types[‘psd’] = ‘image/vnd.adobe.photoshop’;
    $mime_types[‘eps’] = ‘application/postscript’;
    $mime_types[‘ai’] = ‘application/postscript’;

    .psd and .eps are working now.

    .ai does not work

    Did I do anything wrong here?

    1. Antonio Villegas Avatar

      Did you try ‘application/vnd.adobe.illustrator’? Not sure if it will work, though.

      1. Jorn Avatar

        I tried it now but it didn’t work either. Any other ideas? :-)

        1. Antonio Villegas Avatar

          Unfortunately, I cannot provide more support without taking a look at it directly. You should pass this question to your hosting provider. It may be the case there is some limitation there.

    2. Ayush koundal Avatar
      Ayush koundal

      try this

      function my_myme_types($mime_types){
      $mime_types[‘psd’] = ‘image/svg+xml’; //Adding svg extension
      $mime_types[‘ai’] = ‘image/vnd.adobe.photoshop’; //Adding photoshop files
      return $mime_types;
      add_filter(‘upload_mimes’, ‘my_myme_types’, 1, 1);

  15. Frank Morrell Avatar
    Frank Morrell

    I have an image program that will convert image files to WEBP which is Google WebP
    I could not upload the file. Error message not permitted for security reasons.
    I called a tech at SiteGround he sent me this page. I added to the wp_config.php saved and have checked several times the line of code has been added.

    define( ‘ALLOW_UNFILTERED_UPLOADS’, true );

    but still can not upload a Google WebP.
    I would like to use that format because the file sizes are smaller than Jpeg

    1. David Aguilera Avatar

      Hi Frank, thanks for getting in touch with us. I just gave it a shot and it does indeed work. However, you have to make sure you’re using single quotation marks and not the stylized versions (don’t copy paste them; type them directly with your keyboard instead).

  16. Andreson Toni Avatar
    Andreson Toni

    Great update thanks

  17. Marius Torenga Avatar
    Marius Torenga

    Hi Antonio,

    Thanks for this simple explanation how to doe it. Unfortunately I can’t get it working.
    solution 1 has not made me able to upload .pbix or .pbit files
    solutions 2 the same, but also don’t know where in the current functions.php I have to add these lines of code. Can you tell me more about that? I can share the code with you if needed.

    Thanks in advance for your response!!

    Kind regards,


    1. Antonio Villegas Avatar

      Hi Marius. Did you use the proper mime type? Try with ‘application/octet-stream’.

  18. ethel Avatar

    HELLO, I tried to add .epub, so I added define( ‘ALLOW_UNFILTERED_UPLOADS’, true ) into wp_config but it didn’t work for me. Do you know why? regards

    1. Antonio Villegas Avatar

      Maybe your hosting is overwriting this value. Did you try the upload_mimes filter?

  19. gantsta Avatar

    If this helps anyone, neither the ALLOW_UNFILTERED_UPLOADS constant or the ‘upload_mimes’ filter works if you are using WordPress Multisite where the list of allowed file types for your sub-sites are set within the ‘Network Admin’ -> ‘Settings’ page within WordPress. Obviously your WordPress user needs sufficient privs in order to be able to see this settings page.

    1. Jhon Avatar

      Thank you very much, it has been a great help to me!

Leave a Reply

Your email address will not be published. Required fields are marked *

I have read and agree to the Nelio Software Privacy Policy

Your personal data will be located on SiteGround and will be treated by Nelio Software with the sole purpose of publishing this comment here. The legitimation is carried out through your express consent. Contact us to access, rectify, limit, or delete your data.