2022 fix for the error “Sorry, This File Type Is Not Permitted for Security Reasons” Error in WordPress

watchLast Updated:

bookmarkWritten by: Yakovos Frountas

Yeah yeah! We understood. You came here because you face the most common error once you tried to upload an SVG file to your WordPress media library.

Fortunately we have found a workaround for this.

First Things First

Our workaround is a little bit “dirty” and you need to have access to your theme’s code. If you haven’t activate yet a child theme is strongly recommended to do it in order to follow this process. If you don’t know what a child theme is you can take a look in our Glossary.

The Code Part

 * Add SVGs to the list of allowed mime types.
 * @param array $upload_mimes The existing allowed mime types.
 * @return array The enhanced allowed mime types.
function bmwp_admin_add_svg_to_upload_mimes( $upload_mimes ) {

    $file_types = array();
    $file_types['svg'] = 'image/svg+xml';
    $upload_mimes = array_merge( $file_types, $upload_mimes );
    return $upload_mimes;


add_filter('upload_mimes', 'bmwp_admin_add_svg_to_upload_mimes');

The “hack” part

If you have installed the above code and you have tried to upload an SVG image you should see again the same error message. In order to get rid of this message our recommended way to fix this is to edit manually all your SVG files and add to the very beginning of the file the following line of code:

<?xml version="1.0" encoding="utf-8"?>

Alternatively if you don’t want to edit your SVG files directly you can use the SVG Sanitizer Test site in order to help you. Just copy and paste your SVG code inside the textarea fields.

Voila! Your SVG images are now ready to be uploaded to your WordPress media library. Enjoy! 🙂

Have you found a better way to upload SVG images in your media library? Please let us know in the comments below and we will keep this article updated in order to help as many people as we can.

Why you face this problem?

WordPress has changed in version 5.0.1 the MIME validation for uploaded files. As a result of this you are getting the error “Sorry, This File Type Is Not Permitted for Security Reasons” Error in WordPress.

How the validation now works with mime_content_type()

To validate uploads WordPress compares the MIME type of the file to the allowed MIME types for that extension. So when the file is uploaded, WordPress checks for the file extension, .svg, and the file’s MIME type. It then these against the allowed MIME type for the .svg extension. If the detected MIME type does not match, then the upload is refused. The purpose of this is to prevent dangerous files being uploaded with a misleading file extension.

The actual detection of the MIME type for the file is ultimately handled by PHP, though. So if our SVG file is not being detected as image/svg+xml, then this is because PHP doesn’t recognise it as an SVG file. As we have discovered, it appears that PHP does not recognise files without the tag as an SVG. It’s likely that it thinks the file is an HTML file, text/html. This would be because HTML documents can contain elements, meaning only way to reliably distinguish between an HTML file with SVG and an actual SVG file is the presence of this tag.

So this is why the tag needs to be included. It’s what makes it an image/svg+xml file.

Leave a Comment

Ready to get started?

Registering for a maintenance plan ensures that your website will be regularly updated and secure, preventing any potential issues or hacks,