Uploading MIME-conflicted ebooks and files to WordPress

adminother0 Comment
4 min. reading

Starting with 5.0.1 version WordPress introduced an additional security check, where file’s MIME type must match extension. So an attempt to upload any executable file file with .jpg extension will fail with:

Sorry, this file type is not permitted for security reasons

This can be a real pain when trying to upload certain ebook format, because this is exactly the case — a MIME-type conflicted with extension (at least as seen by WordPress). For example: Kindle’s .azw3 files declares itself (content; look inside) as BOOKMOBI. Or .epub format which has application/epub+zip as MIME-type and being a modified version of .zip file or actually a regular .zip file with some predefined content.

There are some ways to workaround this (discussed here), however, not all of them works, sorry!

First is to, of course, tell WordPress that you (as blog or blog network admin) allow certain file type at all:

You will find these settings either in your admin panel in Settings section of your blog, or in Network Admin > Settings section of your blog network. If you’re not a blog or blog network owner, only a mere user, you must contact blog network admin and ask them to do the change.

If that is done and you’re still seeing error then there are two things you may consider. Both, however, require that you have a FTP access to the root folder of your WordPress installation at your hosting.

The wp-config.php way

The easier of two is to modify your wp-config.php file and add following line to it (more information: here):

define('ALLOW_UNFILTERED_UPLOADS', true);

Send it to your hosting, refresh WordPress page, try to upload file again and see, if your problem is solved.

In my case, it was solved only partially. My WordPress now allowed me to uplad .azw3 and .mobi files (it was refusing this prior to adding this line). But was still refraining from uploading .epub files.

Why? Frankly saying, I don’t know.

My only suspicion is that .epub files are in fact .zip files that contains two or three .xml files inside. And WordPress doesn’t like such files pretty much and may be blocking you from uploading such files, now matter what you try to do, in order to upload them.

Allowing unflitered file uploads can be considered a security risk. Sometimes high. I can upload an executable file infected with virus and claim that this is a .jpg image. WordPress won’t check and won’t object with the above setting. Keep that in mind and consider setting this flag to true only occasionally, if that is possible.

The filters way

This solution is not tested by me, but is reported to be working just fine. You need to add:

add_filter('upload_mimes', function ( $mimes = array() )
{ 
    $mimes['mobi'] = 'application/x-mobipocket-ebook';
    $mimes['epub'] = 'application/epub+zip';
    return $mimes;
} );

anywhere within your theme’s or plugin’s .php file.

This, however, might be tougher solution because you must:

  • Create your own customized plugin and put the code there (and not into some existing plugin)
  • Create a child theme out of your main theme and put the code there (and not into main theme)

You will be always facing risk that an update to existing plugin or main theme, made by their authors, will overwrite your work.

That is why I did not decided to follow this way and resigned from uploading certain file types at all instead.

Leave a Reply