MIME Types in WordPress

26 September 2024

MIME Types in WordPress

MIME Types in WordPress

WordPress restricts both file types and MIME types, with new types added via code updates. In this post, we will discuss what MIME types are, which MIME types WordPress permits to be uploaded, which MIME types WordPress recognizes, and how to add new MIME types if necessary.

We’ll also discuss why you could get a security error when uploading a picture, such as “Sorry, this file type is not permitted for security reasons,” and how to resolve it.


About MIME types in WordPress

MIME types in WordPress here MIME stands for “Multipurpose Internet Mail Extensions.” Browsers and other internet devices utilize MIME types to identify the type of material on a page. For example, if you have a .png and a .jpeg file on the page, the browser will treat them as images rather than videos or other file types.

WordPress automatically stores a list of registered mime types in wp-includes/functions.php, which developers can access using wp_get_allowed_mime_types(). WordPress recognizes the following file types. However, not all MIME types recognized can be uploaded via the WordPress Admin Dashboard.

Use the upload_mimes filter to view only the sorts of files that WordPress supports for uploads.

If you try to upload a file with a MIME type or file type that WordPress does not support, you will see the error “Sorry, this file type is not permitted for security reasons.”Continue on to learn how to correct this issue.


Allowed WordPress MIME Types

Although WordPress recognizes a specific MIME type, it does not necessarily allow for uploading that file type on the Admin Dashboard. WordPress allows just the following file types to be uploaded.

The following is a list of the many file kinds that can be uploaded to WordPress, along with their matching MIME types. These file formats will upload without displaying any security warnings in your WordPress dashboard.

File ExtensionMIME Type
.jpgimage/jpeg, image/pjpeg
.jpegimage/jpeg, image/pjpeg
.pngimage/png
.gifimage/gif
.icoimage/x-icon
.pdfapplication/pdf
.docapplication/msword
.docxapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
.pptapplication/mspowerpoint, application/powerpoint, application/vnd.ms-powerpoint, application/x-mspowerpoint
.pptxapplication/vnd.openxmlformats-officedocument.presentationml.presentation
.ppsapplication/mspowerpoint, application/vnd.ms-powerpoint
.ppsxapplication/vnd.openxmlformats-officedocument.presentationml.slideshow
.odtapplication/vnd.oasis.opendocument.text
.xlsapplication/excel, application/vnd.ms-excel, application/x-excel, application/x-msexcel
.xlsxapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheet
.psdapplication/octet-stream
.mp3audio/mpeg3, audio/x-mpeg-3, video/mpeg, video/x-mpeg
.m4aaudio/m4a
.oggaudio/ogg,
.wavaudio/wav, audio/x-wav
.mp4video/mp4
.m4vvideo/x-m4v
.movvideo/quicktime
.wmvvideo/x-ms-asf, video/x-ms-wmv
.aviapplication/x-troff-msvideo, video/avi, video/msvideo, video/x-msvideo
.mpgaudio/mpeg, video/mpeg
.ogvvideo/ogg
.3gpvideo/3gpp, audio/3gpp
.3g2video/3gpp2, audio/3gpp2


Not Allowed MIME types in WordPress

The wp_get_allowed_mime_types() function returns a list of MIME types that WordPress recognizes but does not allow for uploading. We’ll go over the MIME types that cannot be uploaded in wp-admin yet are recognized by WordPress.

When you upload a file with one of the following extensions, you will get the security warning: “Sorry, this file type is not permitted for security reasons.”Proceed to this section to discover how to fix the error.

File ExtensionMIME Type
.bmpimage/bmp
.tifimage/tiff
.tiffimage/tiff
.asfvideo/x-ms-asf
.asxvideo/x-ms-asf
.wmvideo/x-ms-wm
.wmxvideo/x-ms-wmx
.divxvideo/divx
.flvvideo/x-flv
.qtvideo/quicktime
.mpevideo/mpeg
.webmvideo/webm
.mkvvideo/x-matroska
.txttext/plain
.asctext/plain
.ctext/plain
.cctext/plain
.htext/plain
.csvtext/csv
.tsvtext/tab-separated-values
.icstext/calendar
.rtxtext/richtext
.csstext/css
.htmtext/html
.htmltext/html
.m4baudio/mpeg
.raaudio/x-realaudio
.ramaudio/x-realaudio
.midaudio/midi
.midiaudio/midi
.waxaudio/x-ms-wax
.mkaaudio/x-matroska
.rtfapplication/rtf
.jsapplication/javascript
.swfapplication/x-shockwave-flash
.classapplication/java
.tarapplication/x-tar
.zipapplication/zip
.gzapplication/x-zip
.gzipapplication/x-zip
.rarapplication/rar
.7zapplication/x-7z-compressed
.exeapplication/x-msdownload
.potapplication/vnd.ms-powerpoint
.wriapplication/vnd.ms-write
.xlaapplication/vnd.ms-excel
.xltapplication/vnd.ms-excel
.xlwapplication/vnd.ms-excel
.mdbapplication/vnd.ms-access
.mppapplication/vnd.ms-project
.docmapplication/vnd.ms-word.document.macroEnabled.12
.dotxapplication/vnd.openxmlformats-officedocument.wordprocessingml.template
.dotmapplication/vnd.ms-word.template.macroEnabled.12
.xlsmapplication/vnd.ms-excel.sheet.macroEnabled.12
.xlsbapplication/vnd.ms-excel.sheet.binary.macroEnabled.12
.xltxapplication/vnd.openxmlformats-officedocument.spreadsheetml.template
.xltmapplication/vnd.ms-excel.template.macroEnabled.12
.xlamapplication/vnd.ms-excel.addin.macroEnabled.12
.pptmapplication/vnd.ms-powerpoint.presentation.macroEnabled.12
.ppsmapplication/vnd.ms-powerpoint.slideshow.macroEnabled.12
.potxapplication/vnd.openxmlformats-officedocument.presentationml.template
.potmapplication/vnd.ms-powerpoint.template.macroEnabled.12
.ppamapplication/vnd.ms-powerpoint.addin.macroEnabled.12
.sldxapplication/vnd.openxmlformats-officedocument.presentationml.slide
.sldmapplication/vnd.ms-powerpoint.slide.macroEnabled.12
.onetocapplication/onenote
.onetoc2application/onenote
.onetmpapplication/onenote
.onepkgapplication/onenote
.odpapplication/vnd.oasis.opendocument.presentation
.odsapplication/vnd.oasis.opendocument.spreadsheet
.odgapplication/vnd.oasis.opendocument.graphics
.odcapplication/vnd.oasis.opendocument.chart
.odbapplication/vnd.oasis.opendocument.database
.odfapplication/vnd.oasis.opendocument.formula
.wpapplication/wordperfect
.wpdapplication/wordperfect
.keyapplication/vnd.apple.keynote
.numbersapplication/vnd.apple.numbers
.pagesapplication/vnd.apple.pages

Enhancing File Upload Security with WP Activity Log & Notifier

With the WP Activity Log & Notifier, you have the power to customize and restrict the types of files users can upload to your WordPress site. This feature is crucial for maintaining your site’s security and preventing malicious code from being uploaded inadvertently.

Configuration Steps

  1. Navigate to the Configuration Page:
    • Go to Configuration > Advanced Site Security> in your WordPress dashboard.
  2. Allowed File Types:
    • Here, you can define which MIME types are allowed for upload. You can choose from approved formats such as:
      • image/jpeg
      • image/png
      • application/pdf
      • application/zip
      • video/mp4
  3. Track File Uploads for Malicious Code:
    • Activate the Allowed file type and Track File Uploads for Malicious Code option. This feature monitors all file uploads for any suspicious activity and automatically blocks any disallowed file types.
  4. Adding New MIME Types:
    • If you need to add new MIME types beyond the default options, simply do so in the configuration settings. This flexibility allows you to adapt to your specific site needs while maintaining security.

Robust Protection

By implementing these restrictions, you ensure that only the selected file formats are permitted for upload. All other types will be blocked, significantly reducing the risk of harmful files being uploaded to your site. This proactive approach to file upload management not only enhances security but also builds user trust by safeguarding sensitive data.

Conclusion

In conclusion, utilizing the WP Activity Log & Notifier to set up MIME type restrictions is an essential step towards a secure WordPress environment. By carefully selecting which file types users can upload and monitoring these uploads for any suspicious activity, you create a safer site that is less vulnerable to attacks. Implement these settings today to protect your WordPress site effectively!

Have question?