File upload blocked despite ALLOW_UNFILTERED_UPLOADS set to true

Some file types are reporting its MIME type different than it is associated with given file extension in WordPress database. Such file upload will be blocked for security reasons (.epub file in my case):

X.epub: Sorry, this file type is not permitted for security reasons

A special ALLOW_UNFILTERED_UPLOADS flag is used in WordPress in such situations. You should try it first. If you still have not satisfying results (i.e. you still can’t upload a file of certain type) then it may mean some MIME table changes made by either your plugin or theme or even a nasty bug in WordPress itself.

In all cases, using must-use plugin with some small filter should solve the problem.

Allowed upload file types

First step is to make yourself 200% sure that you have added corresponding file extension to the list of allowed file types:

Because, otherwise your upload will be blocked by the very own nature of WordPress.

Enable upload of all files

If above doesn’t solve your problem then add:


to wp-config.php file and copy updated version over FTP.

This should disable all MIME-checking magic in WordPress and allow you (at least in theory) to upload any type of file. In theory. In practice there are certain situations, in which this isn’t working at all.

In both scenarios (i.e. it is and it isn’t working) remember to disable or remove this flag from your wp-config.php file once you’re done (with your tests or actual file uploads). Always consider it as a temporal solution. Keeping MIME-type checking in WordPress permanently disabled may be considered a security risk.

Custom filter inside a must-use plugin

Create a file containing:

//The following goes in a themes functions file or a custom hooks plugin

function so_387865_custom_upload_mimes ( $existing_mimes ) {
    $existing_mimes['epub'] = 'application/epub+zip';
    $existing_mimes['mobi'] = 'application/x-mobipocket-ebook';
    return $existing_mimes;
add_filter('upload_mimes', 'so_387865_custom_upload_mimes');

Alter $existing_mimes array above to match your file MIME-type and extension.

Copy this file over FTP to /wp-content/mu-plugins/ folder in your installation of WordPress. If the folder doesn’t exist, just create it.

Source: WordPress Stack Exchange answer + GitHub Gist.

Leave a Reply