How to: Tips and Tricks

18 Mar 2010

by enjoy

11 Comments »

WordPress

, , ,

WordPress: modify the upload list of allowed file types

WordPress logo

When you attempt to upload a file in WordPress that is not in the default list of acceptable file types, you will receive the following error: File type does not meet security guidelines. Try another. While there’s no admin-based tool for editing list of allowed file types, it’s not at all difficult to add your own or remove any existing.

Upload filetypes are checked by the function wp_check_filetype in wp-includes/functions.php. But we will add new file types to the file functions.php in our template due to upgrade WordPress.

Open your theme's functions.php file and add this line somewhere between the <?php and ?>:

add_filter('upload_mimes', 'custom_upload_mimes');
function custom_upload_mimes ( $existing_mimes=array() ) {
// add your extension to the array
$existing_mimes['deb'] = 'application/x-deb';
// add as many as you like
// removing existing file types
unset( $existing_mimes['exe'] );
// add as many as you like
// and return the new full result
return $existing_mimes;
}

In this case I allowed upload .deb files and banned upload .exe files. List of MIME Types can be found here, or use google, if your file type is not in the list (e.g. deb or rpm file type).

Credit goes to Chris Meller.

No related posts.

11 Comments

« Previous Post 
 Next Post »

  • Ayush
    9 Jun, 2010

    Thank you very much….

  • scott
    2 Jul, 2010

    I am trying to upload .aiff files to my own computer (i know, pathetic) using the personal file sharing capabilities of 10.5. I checked that the .aif and .aiff file types are in the functions.php file (they are) but I am still getting the security error. Any ideas?

    Thanks for the post – i felt I was close to a solution with this one!

    S

  • Austin
    4 Aug, 2010

    Awesome find.

  • RalphGL
    1 Sep, 2011

    I regret this is not working with WP 3.2.1.
    Any idea why and how to solve this problem with new versions of WordPress?

  • RalphGL
    1 Sep, 2011

    sorry fpr my prior comment, i failed – it works fine with WP 3.2.1, thank you for this tipp!

  • Martin
    15 Sep, 2011

    You put me on the right path, but I found it easier to just update the get_allowed_mime_types function which is in the same file.

  • Jacob Coens
    20 Oct, 2011

    @Martin:

    Changing that function might work, but you shouldn’t modify core WordPress files, as your changes may be overridden when upgrading to a newer version.

    Use a (child) theme or plugins to add your own functionality and hook into WordPress events when you need to change WordPress’ default behavior.

    Please use the method that is provided in this article.

  • Josh
    6 Dec, 2011

    I’ve been working on a plugin to extend the mime types, but just recently realized where get_allowed_mime_types() was located. Any ideas why only 1/3 of the file types would be working properly, even though they’re listed in includes/functions.php > get_allowed_mime_types()?

  • Naved Ahmed
    1 Feb, 2013

    Thanks a lot… :D

  • Marcos Nakamine
    15 Feb, 2018

    Thanks!