WooCommerce: Fix “Sorry, This File Type Is Not Permitted for Security Reasons” For Downloadable Products

In WordPress, you get the “Sorry, This File Type Is Not Permitted for Security Reasons” error when you try to upload certain files to the Media library. Similarly, in WooCommerce you may get the same error when you try to upload a downloadable product download files.

Why is that? Well, by default WordPress only allows certain file extensions to be uploaded to the site. For example PNG, JPG, PDF, PPT, DOC, MP3 and MP4 are within the allowed file types – the reason being they are “safe” and won’t contain malicious code that could create problems within a WordPress install.

The thing is – I’ve started selling my first downloadable product (a mini-plugin) here on Business Bloomer and I needed to upload a ZIP file (the mini-plugin), a JSON file (a Code Snippet export file for those who don’t like plugins) and a TXT file (the plugin’s raw code for those who like to play with PHP). All went smoothly for the ZIP upload, but as soon as I tried uploading the JSON and TXT files I got the “Sorry, This File Type Is Not Permitted for Security Reasons” error.

Panic? Not really. It’s only a matter of finding the right code to change this default WordPress behavior. So, say hello to the “upload_mimes” filter, which allows us to do just that. Enjoy!

Without the snippet below, when I tried uploading a JSON file and a TXT file as Downloadable Files, I got the “Sorry, This File Type Is Not Permitted for Security Reasons” error.

PHP Snippet: Allow Any File Extension Upload @ WooCommerce Downloadable Product / WordPress Media Library

In the snippet below I’m allowing both JSON and TXT file uploads to WordPress. The first snippet tells WordPress to allow them, the second part is another requirement for certain file extensions as WordPress runs a validation upon Media upload and we need to make sure JSON and TXT are covered.

/**
 * @snippet       Fix "Sorry File Type Not Permitted" @ WooCommerce Downloadable Product + WordPress Media Library
 * @how-to        Get CustomizeWoo.com FREE
 * @author        Rodolfo Melogli
 * @compatible    WooCommerce 5
 * @donate $9     https://businessbloomer.com/bloomer-armada/
 */

add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );

function bbloomer_custom_mime_types( $mimes ) {
	if ( current_user_can( 'manage_woocommerce' ) ) {
		$mimes['txt'] = 'text/plain';
		$mimes['json'] = 'text/plain';
	}
	return $mimes;
}

add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );

function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
    if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
      return $data;
    }
    $wp_file_type = wp_check_filetype( $filename, $mimes );
    if ( 'json' === $wp_file_type['ext'] ) {
		$data['ext']  = 'json';
		$data['type'] = 'text/plain';
    } elseif ( 'txt' === $wp_file_type['ext'] ) {
		$data['ext']  = 'txt';
		$data['type'] = 'text/plain';
    }
    return $data;
}

Where to add this snippet?

You can place PHP snippets at the bottom of your child theme functions.php file (delete "?>" if you have it there). CSS, on the other hand, goes in your child theme style.css file. Make sure you know what you are doing when editing such files - if you need more guidance, please take a look at my free video tutorial "Where to Place WooCommerce Customization?"

Does this snippet (still) work?

Please let me know in the comments if everything worked as expected. I would be happy to revise the snippet if you report otherwise (please provide screenshots). I have tested this code with Storefront theme, the WooCommerce version listed above and a WordPress-friendly hosting on PHP 7.3.

If you think this code saved you time & money, feel free to join 14,000+ WooCommerce Weekly subscribers for blog post updates or 250+ Business Bloomer supporters for 365 days of WooCommerce benefits. Thank you in advance :)

Need Help with WooCommerce?

Check out these free video tutorials. You can learn how to customize WooCommerce without unnecessary plugins, how to properly configure the WooCommerce plugin settings and even how to master WooCommerce troubleshooting in case of a bug!

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza.

12 thoughts on “WooCommerce: Fix “Sorry, This File Type Is Not Permitted for Security Reasons” For Downloadable Products

  1. Hey, I have successfully changed the file type for the downloadable file, but since it’s been updated it’s not showing the option to download the file on email which sends after order processing. Any idea why that would be?

    Thanks in advance.

    1. Not 100% sure. Did you change file name since?

  2. Hello,
    Looking for tutorials on how to be able to sell dowloadable .KML & .KMZ files for our metal detecting club. I stumbled over your site and, using your lessons, I’ve came up with this:

     
    add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );
     
    function bbloomer_custom_mime_types( $mimes ) {
       if ( current_user_can( 'manage_woocommerce' ) ) {
          $mimes['kml'] = 'application/vnd.google-earth.kml+xml; application/google-earth.kml+xml; application/xml';
          $mimes['kmz'] = 'application/vnd.google-earth.kml+xml; application/google-earth.kml+xml; application/xml';
       }
       return $mimes;
    }
     
    add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );
     
    function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
        if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
          return $data;
        }
        $wp_file_type = wp_check_filetype( $filename, $mimes );
        if ( 'kmz' === $wp_file_type['ext'] ) {
          $data['ext']  = 'kmz';
          $data['type'] = 'text/plain';
        } elseif ( 'kml' === $wp_file_type['ext'] ) {
          $data['ext']  = 'kml';
          $data['type'] = 'text/plain';
        }
        return $data;
    }
    
    

    But now I'm still not allowed to use the kml/kmz files. So big question for me is where the heck did I go wrong?
    Kind regards and thanks for a great tutorial site!
    Benjamin

    1. Couple of things. Try using ‘application/vnd.google-earth.kml+xml’ only in the first part (source). Also, in the second snippet, both $data[‘type’] also need to match what you’ve entered in the first snippet! Let me know

      1. Hello,
        Feeling stupid as … ! why can’t I get this simple snippet to work. Been testing and trying but always the same result … a list of allowed file types but still excluding the wanted KML file ….
        Am not sure what you meant only using the ‘application …’ in the source part?
        Like I said, been testing and trying untill my site came upp with a critical error after installling Waymark (Wanted to see what made that work). Fortunately it works again but also removed the last version I tried, that also didn’t do the trick

        add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );
         
        function bbloomer_custom_mime_types( $mimes ) {
           if ( current_user_can( 'manage_woocommerce' ) ) {
              $mimes['kml'] = 'application/vnd.google-earth.kml+xml';
              $mimes['kmz'] = 'application/vnd.google-earth.kmz';\
           }
           return $mimes;
        }
         
        add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );
         
        function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
            if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
              return $data;
            }
            $wp_file_type = wp_check_filetype( $filename, $mimes );
            if ( 'kml' === $wp_file_type['ext'] ) {
              $data['ext']  = 'kml';
              $data['type'] = 'application/vnd.google-earth.kml+xml';
            } elseif ( 'kmz' === $wp_file_type['ext'] ) {
              $data['ext']  = 'kmz';
              $data['type'] = 'application/vnd.google-earth.kmz';
            }
            return $data;
        }

        It was this that made the error btw ….
        At least I’ve got the posting here right this time 😉

        What is your hourly rate so you can solve the selling of the KML files for my club? Maybe the easiest for the both of us … 😛

        1. Hey Ben!

          You’ve got a left over slash at the end here:

          $mimes['kmz'] = 'application/vnd.google-earth.kmz';\

          Try remove that

          1. Good morning to you,
            It caused the error but correcting it didn’t do the trick solving it. I still can’t pick a KML or KMZ file.

            I’ve also tried to add the line

            define( 'ALLOW_UNFILTERED_UPLOADS', true );

            to my config file, so that I could try to download the KML file and picking it in the media library. The uppload worked when in my media library (off course) but still can’t choose the file in Woocommerce …

            1. Made it work but …
              I’ve added

              //Added Benjamin//
              			'kml'						   => 'application/vnd.google-earth.kml+xml',
                    		'kmz'						   => 'application/vnd.google-earth.kmz',

              to the functions.php file in the wp-includes map after finding this post.
              “For KML/KMZ files to be properly supported, you’ll have to use text/xml and application/zip instead, because WordPress compares the declared MIME type to the ‘real’ detected MIME type (see function wp_check_filetype_and_ext in wp-includes/functions.php for more details)”
              So i think it isn’t the proper way since it will be gone by the next update

              1. Yes, that will be overwritten next time you update WordPress. That same function, however, has a filter:

                apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes, $real_mime );

                That means you can edit the contents without overriding core files. Maybe the solution is there – let me know!

                1. Where should i put that line? Should I put it together with the two previous lines in my child functions then?

                  1. Sorry for the delay Ben. Can you paste here the whole wp_check_filetype_and_ext() with the code you added, so I can give you back a snippet?

                    1. Thanks Ben. I’ve actually tried again your code as per https://www.businessbloomer.com/woocommerce-fix-sorry-file-type-not-permitted/#comment-484406 and I can definitely upload a KML file as a WooCommerce product download. No error whatsoever (once you remove that slash we were talking about).

                      If you can’t upload KML files when that snippet is active, there is something at server level that is blocking the upload. Please talk to your hosting and see what they say.

                      Also, try disabling ALL plugins but WooCommerce and try again, that would exclude plugin conflicts. Let me know

Questions? Feedback? Support? Leave your Comment Now!
_____

If you are writing code, please wrap it between shortcodes: [php]code_here[/php]. Failure to complying with this (as well as going off topic, not writing in English, etc.) will result in comment deletion. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining BloomerArmada to get blog comment reply priority, ask me 1-to-1 WooCommerce questions and enjoy many more perks. Thank you :)

Your email address will not be published.