How to: Tips and Tricks

WordPress: modify the upload list of allowed file types


When you attempt to upload a file in WordPress that is not in the default list of acceptable file types, you will receive the following error: "File type does not meet security guidelines. Try another." While there's no admin-based tool for editing the list of allowed file types, it's not at all difficult to add your own or remove existing ones.

Upload file types are checked by the function wp_check_filetype in wp-includes/functions.php. But we will add the new file types in the functions.php file of our theme instead, so that the change is not lost when WordPress is upgraded.

Open your theme's functions.php file and add these lines somewhere between the <?php and ?>:

add_filter('upload_mimes', 'custom_upload_mimes');
function custom_upload_mimes ( $existing_mimes=array() ) {
    // add your extension to the array
    $existing_mimes['deb'] = 'application/x-deb';
    // add as many as you like
    // removing existing file types
    unset( $existing_mimes['exe'] );
    // add as many as you like
    // and return the new full result
    return $existing_mimes;
}

In this case I allowed uploading .deb files and blocked uploading .exe files. A list of MIME types can be found here, or search Google if your file type is not in the list (e.g. the deb or rpm file types).

Credit goes to Chris Meller.
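
A capability-gated variant of the snippet above, as an added example that is not part of the original post or of WordPress itself: it offers .deb only to users holding the manage_options capability (an assumed policy) and removes exe for everyone, including from grouped keys such as "jpg|jpeg|jpe". All example_* names are hypothetical.

```php
<?php
// Added example, not the article's code. All example_* names are hypothetical.
// Extensions offered only to trusted users (MIME string taken from the article).
const EXAMPLE_TRUSTED_ONLY_MIMES = array( 'deb' => 'application/x-deb' );
// Extensions removed for every user.
const EXAMPLE_BLOCKED_EXTENSIONS = array( 'exe' );

// Pure helper: takes the extension => MIME map and returns the adjusted map.
function example_adjust_mimes( array $mimes, $is_trusted ) {
    foreach ( array_keys( $mimes ) as $key ) {
        // Keys may group several extensions, e.g. "jpg|jpeg|jpe".
        $exts = explode( '|', $key );
        $kept = array_diff( $exts, EXAMPLE_BLOCKED_EXTENSIONS );
        if ( count( $kept ) !== count( $exts ) ) {
            $mime = $mimes[ $key ];
            unset( $mimes[ $key ] );
            if ( $kept ) {
                // Keep the remaining extensions of the group.
                $mimes[ implode( '|', $kept ) ] = $mime;
            }
        }
    }
    if ( $is_trusted ) {
        // Array union keeps string keys; our entries take precedence.
        $mimes = EXAMPLE_TRUSTED_ONLY_MIMES + $mimes;
    }
    return $mimes;
}

// Filter callback: the second argument is the user the list is built for (may be null).
function example_upload_mimes( $mimes, $user = null ) {
    // Assumed policy: only users who can manage site options may upload packages.
    $trusted = $user ? user_can( $user, 'manage_options' )
                     : current_user_can( 'manage_options' );
    return example_adjust_mimes( $mimes, $trusted );
}

// Register only when running inside WordPress; 2 = number of accepted arguments.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'upload_mimes', 'example_upload_mimes', 10, 2 );
}
```

Keeping the decision in example_adjust_mimes() lets you check the resulting list for a trusted and an untrusted user without loading WordPress.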

  • Thank you very much….

  • I am trying to upload .aiff files to my own computer (I know, pathetic) using the personal file sharing capabilities of 10.5. I checked that the .aif and .aiff file types are in the functions.php file (they are) but I am still getting the security error. Any ideas?

    Thanks for the post – I felt I was close to a solution with this one!


  • Awesome find.

  • I regret this is not working with WP 3.2.1.
    Any idea why and how to solve this problem with new versions of WordPress?

  • Sorry for my prior comment, I failed – it works fine with WP 3.2.1, thank you for this tip!

  • You put me on the right path, but I found it easier to just update the get_allowed_mime_types function which is in the same file.

  • @Martin:

    Changing that function might work, but you shouldn’t modify core WordPress files, as your changes may be overridden when upgrading to a newer version.

    Use a (child) theme or plugins to add your own functionality and hook into WordPress events when you need to change WordPress’ default behavior.

    Please use the method that is provided in this article.

  • I’ve been working on a plugin to extend the mime types, but just recently realized where get_allowed_mime_types() was located. Any ideas why only 1/3 of the file types would be working properly, even though they’re listed in includes/functions.php > get_allowed_mime_types()?

  • Thanks a lot… :D

  • Thanks!