Users can’t upload certain file formats due to MIME type restrictions.
Disallowed File Types
Key Points: WordPress blocks file uploads like SVG, JSON, or fonts unless you explicitly allow them.
You try to upload an SVG logo — WordPress says: “Sorry, this file type is not permitted for security reasons.” Even though it’s safe and widely used. This restriction is built-in for good reason — but you can override it safely.
🚫 Why WordPress Blocks Files
- Some file types can contain executable code (e.g., SVG with JavaScript)
- Unrestricted uploads create security risks
🛠️ How to Allow Additional File Types
- Add a filter to
functions.php:function allow_more_uploads($mimes) { $mimes['svg'] = 'image/svg+xml'; return $mimes; } add_filter('upload_mimes', 'allow_more_uploads'); - Use a plugin like WP Extra File Types for UI control
🔐 Caution
If you allow SVGs, sanitize them with a plugin like Safe SVG to prevent embedded malicious scripts.