WordPress: modify the upload list of allowed file types
When you attempt to upload a file in WordPress that is not in the default list of acceptable file types, you will receive the following error: File type does not meet security guidelines. Try another.
While there’s no admin-based tool for editing list of allowed file types, it’s not at all difficult to add your own or remove any existing.
Upload filetypes are checked by the function wp_check_filetype in wp-includes/functions.php. But we will add new file types to the file functions.php in our template due to upgrade WordPress.
Open your theme's functions.php
file and add this line somewhere between the <?php
and ?>
:
add_filter('upload_mimes', 'custom_upload_mimes'); function custom_upload_mimes ( $existing_mimes=array() ) { // add your extension to the array $existing_mimes['deb'] = 'application/x-deb'; // add as many as you like // removing existing file types unset( $existing_mimes['exe'] ); // add as many as you like // and return the new full result return $existing_mimes; }
In this case I allowed upload .deb files and banned upload .exe files. List of MIME Types can be found here, or use google, if your file type is not in the list (e.g. deb or rpm file type).
Credit goes to Chris Meller.
Ayush
9 Jun, 2010
Thank you very much….
scott
2 Jul, 2010
I am trying to upload .aiff files to my own computer (i know, pathetic) using the personal file sharing capabilities of 10.5. I checked that the .aif and .aiff file types are in the functions.php file (they are) but I am still getting the security error. Any ideas?
Thanks for the post – i felt I was close to a solution with this one!
S
Austin
4 Aug, 2010
Awesome find.
RalphGL
1 Sep, 2011
I regret this is not working with WP 3.2.1.
Any idea why and how to solve this problem with new versions of WordPress?
RalphGL
1 Sep, 2011
sorry fpr my prior comment, i failed – it works fine with WP 3.2.1, thank you for this tipp!
Martin
15 Sep, 2011
You put me on the right path, but I found it easier to just update the get_allowed_mime_types function which is in the same file.
Jacob Coens
20 Oct, 2011
@Martin:
Changing that function might work, but you shouldn’t modify core WordPress files, as your changes may be overridden when upgrading to a newer version.
Use a (child) theme or plugins to add your own functionality and hook into WordPress events when you need to change WordPress’ default behavior.
Please use the method that is provided in this article.
Josh
6 Dec, 2011
I’ve been working on a plugin to extend the mime types, but just recently realized where get_allowed_mime_types() was located. Any ideas why only 1/3 of the file types would be working properly, even though they’re listed in includes/functions.php > get_allowed_mime_types()?
Naved Ahmed
1 Feb, 2013
Thanks a lot… :D
Marcos Nakamine
15 Feb, 2018
Thanks!