Add & Remove File Types in WordPress Media Library

When trying to upload a file in WordPress, you might see the error message,

“Sorry, this file type is not permitted for security reasons.”

By default, WordPress only allows you to upload certain filetypes. Most common file types for images & Microsoft Office documents are allowed (jump down to the full list). But let’s take a look at how to add additional file types in the WordPress Media Library. We’ll also cover removing file types, as well as take a quick look at file types for WordPress Multisite.

  1. Add file types
  2. Remove file types
  3. Code Samples
  4. WordPress allowed file types list
  5. Allowed file types on Multisite

NOTE: Managing allowed file types in WordPress via a plugin: There are a few WordPress plugins to achieve this, but they haven’t been updated in over 2 years, and I would not recommend them.

First we’ll add file types, and then for more fine-grained control, we’ll show you how to remove them.

As with most functionality enhancements to WordPress, there are two places you could put this code:

  • a custom functionality plugin (recommended) -or-
  • your theme (or child theme’s) functions.php file

How to Add Allowed File Types to WordPress Media Library

Adding a single file type looks like this:

function my_mime_types($mime_types){
    $mime_types['zip'] = 'application/zip';
    return $mime_types;
add_filter('upload_mimes', 'my_mime_types', 1, 1);

In this example, zip is the file extension and application/zip is the MIME type. Here’s a full list to help you find the MIME type for your file extension.

You can also add multiple file types:

function my_mime_types($mime_types){
    $mime_types['zip'] = 'application/zip';
    $mime_types['tiff'] = 'image/tiff';
    $mime_types['bmp'] = 'image/bmp';
    return $mime_types;
add_filter('upload_mimes', 'my_mime_types', 1, 1);

More about the upload_mimes filter on Codex »

How to Remove File Types from the WordPress Media Library

To remove default file types allowed by WordPress, we use the unset function.

function my_mime_types($mime_types){
    unset($mime_types['pdf']); // Removes the .pdf extension
    return $mime_types;
add_filter('upload_mimes', 'my_mime_types', 1, 1);

You can add & remove file types all in the same code block. Just list each file type (addition or removal) on its own line.

Code Samples

Here’s a bunch of file types you might want to add, all compiled into one function. You can copy the whole thing & just delete what you don’t need. I’ve figured out all the MIME types for you already :-)

Please be careful allowing any type of executable or script. There is inherent risk with allowing these types of files.

function my_mime_types($mime_types){
    $mime_types['zip'] = 'application/zip';
    $mime_types['rar'] = 'application/x-rar-compressed';
    $mime_types['tar'] = 'application/x-tar';
    $mime_types['gz'] = 'application/x-gzip';
    $mime_types['gzip'] = 'application/x-gzip';
    $mime_types['tiff'] = 'image/tiff';
    $mime_types['tif'] = 'image/tiff';
    $mime_types['bmp'] = 'image/bmp';
    $mime_types['svg'] = 'image/svg+xml';
    $mime_types['psd'] = 'image/vnd.adobe.photoshop';
    $mime_types['ai'] = 'application/postscript';
    $mime_types['indd'] = 'application/x-indesign'; // not official, but might still work
    $mime_types['eps'] = 'application/postscript';
    $mime_types['rtf'] = 'application/rtf';
    $mime_types['txt'] = 'text/plain';
    $mime_types['wav'] = 'audio/x-wav';
    $mime_types['csv'] = 'text/csv';
    $mime_types['xml'] = 'application/xml';
    $mime_types['flv'] = 'video/x-flv';
    $mime_types['swf'] = 'application/x-shockwave-flash';
    $mime_types['vcf'] = 'text/x-vcard';
    $mime_types['html'] = 'text/html';
    $mime_types['htm'] = 'text/html';
    $mime_types['css'] = 'text/css';
    $mime_types['js'] = 'application/javascript';
    $mime_types['ico'] = 'image/x-icon';
    $mime_types['otf'] = 'application/x-font-otf';
    $mime_types['ttf'] = 'application/x-font-ttf';
    $mime_types['woff'] = 'application/x-font-woff';
    $mime_types['ics'] = 'text/calendar';
    return $mime_types;

add_filter('upload_mimes', 'my_mime_types', 1, 1);

Developers: To see WordPress’ full list of file types, open wp-includes/functions.php and search for “function wp_get_mime_types”.

List of WordPress Accepted File Types

NOTE: Even though WordPress allows it, your web hosting company might not. If you cannot upload a file on this list, please contact your web host.


  • .jpg, .jpeg
  • .png
  • .gif
  • .ico (favicons)


  • .pdf (Adobe Acrobat Portable Document Format)
  • .doc, .docx (Microsoft Word Document)
  • .ppt, .pptx, .pps, .ppsx (Microsoft Powerpoint Presentation)
  • .xls, .xlsx (Microsoft Excel Spreadsheet)
  • .odt (OpenDocument Text Document)
  • .psd (Adobe Photoshop Document)


  • .mp3
  • .m4a
  • .ogg
  • .wav


  • .mp4, .m4v (aka: MPEG-4)
  • .mov (QuickTime)
  • .wmv (Windows Media Video)
  • .avi
  • .mpg
  • .ogv (aka: Ogg)
  • .3gp (aka: 3GPP)
  • .3g2 (aka: 3GPP2)

See the WordPress Codex for the most current list.

WordPress Multisite Allowed File Types

Allowed file types for WordPress Multisite are a little different. Once you create Network, you can change the permitted file types from the Network Settings screen. This will globally allow or disallow certain files from being added to the WordPress Media Library.

Each file type should be separated by a space. Just add or remove the file types you want to change. This will make the change for all users across your entire network (who have the capability to upload files). Here’s a list of the default allowed file types for WordPress Multisite:

  • jpg
  • jpeg
  • png
  • gif
  • mov
  • avi
  • mpg
  • 3gp
  • 3g2
  • midi
  • mid
  • pdf
  • doc
  • ppt
  • odt
  • pptx
  • docx
  • pps
  • ppsx
  • xls
  • xlsx
  • key
  • mp3
  • ogg
  • wma
  • m4a
  • wav
  • mp4
  • m4v
  • webm
  • ogv
  • wmv
  • flv

If you have any questions regarding uploading file types to your WordPress Media Library, please let me know in the comments.

11 Commentson "Add & Remove File Types in WordPress Media Library"

  1. /

    Just wanted to say thank you. Easy to follow and accomplished in minutes :)

    → Reply
    1. (Author) /

      You’re welcome, Stacy :-) Thanks for the feedback!

  2. /

    I am on network site and creating a plugin. By using plugin i am restricting a user by using above i want the user to don’t upload audio/video format files. but code not working….

    function my_mime_types($mime_types){
    unset($mime_types['mp3']); // Removes the .pdf extension
    return $mime_types;
    add_filter('upload_mimes', 'my_mime_types', 1, 1);

    → Reply
  3. /

    Hi there,
    When I upload pdfs they appear as code in the viewer.
    However, they download correctly…what am I doing wrong?

    → Reply
    1. (Author) /

      Hi Giulietta — Are you using the latest version of WordPress? One of the recent releases added the ability to see a preview image for PDF files. So…

      1) Try updating to WordPress 4.9.4
      2) It could be a plugin conflict. Do you have any plugins that impact the Media Library?
      3) Does the filename end in .pdf? When you click on the file in the Media Library, in the top-right corner next to File type:, does it say application/pdf?
      4) It could be a setting with your hosting company, too. Have you checked with them?

  4. /

    Hi Dave,
    This works perfectly until I try to upload .otf files whereby it gives the same error as before: Sorry, this file type is not permitted for security reasons.

    → Reply
    1. (Author) /

      Hi Fran — I just tested out an .otf file on one of my WordPress installations, and I was not able to upload it either. I got the same message. It does appear that even using this code to add support for .otf, WordPress still does not allow that file type.

      I’m not sure exactly why that’s the case, but it could be because it’s not used by browsers any more. Can I ask why you need to upload an .otf file?

      To use a custom font on your website, here’s a list of the browsers that use which file types:

      • Chrome, Firefox, Edge, Safari iOS: .woff2 or .woff
      • Some older versions of iOS & Android: .ttf
      • Legacy iOS: .svg
      • IE 6-11: .eot

      All of those file formats are faster and more performant than .otf files, and you can achieve full browser support without the use of .otf.

  5. /

    Hi Dave,
    I see you are helpful all over the web! :)
    Came across this old article of yours, not sure if you are still servicing it?
    I tried the snippet for removing Video Media type uploads but it doesn’t seem to work. Any ideas?
    P.S. I tried adjusting the priority to delay it so its fires last, but still didn’t seem to work.
    Any advice is much appreciated.

    → Reply
    1. (Author) /

      Hi Nima — I haven’t looked at this code or updated it in quite a few years. I’m not sure if it still works and don’t have time right now to dig into it. Sorry.

  6. /

    Hey Dave. No problem at all. I managed to implement another solution which basically hides specified Gutenberg blocks. At least it makes it difficult for users to upload certain file types. Thanks anyway!

    → Reply

What Are Your Thoughts?

All fields are required. Your email will not be published.

You can use standard <code> and <pre> tags to post code examples, or a service like