Do you want to allow additional file types to be uploaded to your forms? Allowing more file formats to be uploaded to your site can provide more convenience for y'all and your users.

In this tutorial, nosotros'll show you how to add together different file extensions, without compromising the security of your site.

  • File Types Allowed By Default
  • Adding Additional File Upload Types
    • Using Preset File Types
    • Adding Custom File Types
    • Assuasive Multiple MIME Types
  • Tips for Securing WordPress File Uploads
  • Frequently Asked Questions

Notation: Are yous looking for instructions on creating a file upload form? So be sure to check out our guide to the File Upload field for all the details.

File Types Allowed Past Default

For security reasons, WordPress only allows certain types of files. The default file formats include:

  • Images like .png, .gif, .jpg
  • Documents such as .doc, .xls, .ppt, .pdf
  • Audio like .wav, .mp3, .mp4
  • Video like .mpg, .mov, .wmv

Please note that some of the file types below do have the potential to be misused. That's why WordPress doesn't enable them by default.

  • Images such as .svg, .bmp
  • Documentssimilar .psd, .ai, .pages
  • Code files such as .css, .js, .json
  • Video like .flv, .f4l, .qt

Adding Additional File Upload Types

To configure your site to accept additional file formats, you lot'll need to install File Upload Types, a free WordPress plugin by WPForms.

Note: For details on how to add a plugin to your site, be sure to cheque out WPBeginner'south guide on installing plugins.

Using Preset File Types

Once you've installed the File Upload Types plugin, in your WordPress admin expanse go to Settings » File Upload Types.

File upload types page

On this folio, you can add preset file types by checking the box adjacent to the file type.

Enable extension checkbox

Once you've selected the file types you lot'd similar to add, click the Save Settings push to relieve your changes.

Click save settings button preset file

Adding Custom File Types

If you lot'd like to include a file format that is non institute in the preset list, you tin add your own.

To do this, roll down to the Add together CUSTOM FILE TYPES section. Then, y'all'll need to specify a file format. This is washed through 3 fields:

  • File Description: The name of the file type. This volition only be visible in your File Upload Types settings, so you lot tin can add any details that brand sense to yous.
  • MIME Type: The category and data type represented past the new file blazon.
  • Extension: The extension type that will be associated with this file (due east.one thousand., .jpg, .docx, etc.).

Note: MIME is a form of file identification on the web. For more details on MIME, you lot tin check out Mozilla'southward documentation for a consummate list of common MIME types. To decide what MIME type a file is, you tin utilize an online file checker.

Add custom file types section

As an example, here are the fields with the data for a YAML file type:

YAML file extension

Y'all tin can also add multiple custom file types by clicking on the plus (+) icon. If you'd like to remove a file type, click the trash can icon.

Plus and trash icons

Once you've filled in all these details, click on the Salvage Settings button to apply the settings to your site.

Click save settings button

Allowing Multiple MIME Types

If you're adding a file type that has several aliases or possible MIME types, yous can besides add together these into the MIME Types field. This is especially helpful to ensure the proper uploading of files that may accept the same extension, but different MIME types.

Note: If you're not sure if your file type has aliases, you tin check out this reference guide for a fractional list.

In order to use this feature, you lot'll need to click the Enable multiple MIME blazon support option within the plugin.

Enable multiple MIME type support

Annotation: If you don't see this banner in your plugin, this ways this option is already enabled on your site.

One time you've enabled this feature, yous tin and then add aliases to the MIME Type field, separating each type by a comma.

For example, we'll add together the application/photoshop, awarding/psd, and image/photoshop aliases for a Photoshop file:

Photoshop file example

In one case those settings are added, brand certain to click the Save Settings push button to apply the settings to your site.

Click save settings photoshop file example

Tips for Securing WordPress File Uploads

It may be convenient to allow users to upload all sorts of file formats, notwithstanding, this can lead to security bug. Y'all can go along your site more than secure while allowing for specific upload types by following these tips:

  • Requiring users to be registered and logged in to submit your form.
  • Limiting file upload types to but those that you lot actually need.
  • Limiting the file upload size.

Oft Asked Questions

I added my additional file blazon, only I'thou still seeing the following error:

File type non allowed

In this case, you'll desire to exist certain that the file you're trying to upload has a MIME blazon that matches the ane you lot've added to your site. You can rapidly and easily check your file'due south MIME type to exist sure its type matches.

If your MIME type matches and nonetheless won't upload, it'due south important to know that WPForms does blacklist certain file types. Some file types volition exist blocked from being uploaded, even if they've been added using the File Upload Types plugin. The consummate list of file types are:

ade adp app asp
bas bat cer cgi
chm com cpl crt
csh csr dll drv
exe fxp flv hlp
hta htaccess htm html
htpasswd inf ins isp
jar js jse jsp
ksh lnk mdb mde
mdt mdw msc msi
msp mst ops pcd
php pif pl prg
ps1 ps2 py rb
scr sct sh shb
shs swf tmp torrent
url vb vbe vbs
vbscript wsc wsf wsh
dfxp onetmp

That's it! You can now allow users to upload boosted file types using your file upload course.

Practice you desire more tips for securing your site? Then exist sure to check out our complete guide to WPForms security for all the details.