WooCommerce: Fix “Sorry, This File Type Is Not Permitted for Security Reasons” For Downloadable Products

In WordPress, you get the “Sorry, This File Type Is Not Permitted for Security Reasons” error when you try to upload certain files to the Media library. Similarly, in WooCommerce you may get the same error when you try to upload a downloadable product download files.

Why is that? Well, by default WordPress only allows certain file extensions to be uploaded to the site. For example PNG, JPG, PDF, PPT, DOC, MP3 and MP4 are within the allowed file types – the reason being they are “safe” and won’t contain malicious code that could create problems within a WordPress install.

The thing is – I’ve started selling my first downloadable product (a mini-plugin) here on Business Bloomer and I needed to upload a ZIP file (the mini-plugin), a JSON file (a Code Snippet export file for those who don’t like plugins) and a TXT file (the plugin’s raw code for those who like to play with PHP). All went smoothly for the ZIP upload, but as soon as I tried uploading the JSON and TXT files I got the “Sorry, This File Type Is Not Permitted for Security Reasons” error.

Panic? Not really. It’s only a matter of finding the right code to change this default WordPress behavior. So, say hello to the “upload_mimes” filter, which allows us to do just that. Enjoy!

Without the snippet below, when I tried uploading a JSON file and a TXT file as Downloadable Files, I got the “Sorry, This File Type Is Not Permitted for Security Reasons” error.

PHP Snippet: Allow Any File Extension Upload @ WooCommerce Downloadable Product / WordPress Media Library

In the snippet below I’m allowing both JSON and TXT file uploads to WordPress. The first snippet tells WordPress to allow them, the second part is another requirement for certain file extensions as WordPress runs a validation upon Media upload and we need to make sure JSON and TXT are covered.

/**
 * @snippet       Fix "Sorry File Type Not Permitted" @ WooCommerce Downloadable Product + WordPress Media Library
 * @how-to        Get CustomizeWoo.com FREE
 * @author        Rodolfo Melogli
 * @compatible    WooCommerce 5
 * @community     https://businessbloomer.com/club/
 */

add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );

function bbloomer_custom_mime_types( $mimes ) {
	if ( current_user_can( 'manage_woocommerce' ) ) {
		$mimes['txt'] = 'text/plain';
		$mimes['json'] = 'text/plain';
	}
	return $mimes;
}

add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );

function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
    if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
      return $data;
    }
    $wp_file_type = wp_check_filetype( $filename, $mimes );
    if ( 'json' === $wp_file_type['ext'] ) {
		$data['ext']  = 'json';
		$data['type'] = 'text/plain';
    } elseif ( 'txt' === $wp_file_type['ext'] ) {
		$data['ext']  = 'txt';
		$data['type'] = 'text/plain';
    }
    return $data;
}

Where to add custom code?

You should place custom PHP in functions.php and custom CSS in style.css of your child theme: where to place WooCommerce customization?

This code still works, unless you report otherwise. To exclude conflicts, temporarily switch to the Storefront theme, disable all plugins except WooCommerce, and test the snippet again: WooCommerce troubleshooting 101

Related content

  • WooCommerce: Add a Custom Download File @ My Account
    If you sell no downloadable products, the Downloads section of the WooCommerce My Account page will always be empty (in this case, you should completely hide the My Account Download tab). Besides, if you do sell downloadable products but customers never purchased such items, the same will happen. So, what if you wanted to grant […]
  • WooCommerce: Fix WP Memory Limit issue
    WordPress automatically limits your PHP memory to 40MB. This may result in your WooCommerce website being slow to process information, searches, product uploading and so on.
  • WooCommerce: Get List of Downloadable Products (PHP)
    When you’re doing custom PHP work, this snippet will come in handy. It’s a quick way to get a sub-list of product IDs based on product meta criteria – in this case we’ll get a list of products that have “_downloadable” set to “yes” (which, in plain English, means they are “downloadable“). Of course, you […]
  • upload-max-file-size wordpressWooCommerce: “uploaded file exceeds the upload_max_filesize” Error
    You may have seen this error at least once, if you have used WordPress. When installing a theme, plugin or uploading a image or file, you may find this dreaded message on your screen. Well, it has nothing to do with themes or plugins. The issue is with your server settings which limit the maximum […]
  • WooCommerce: Email Admin Upon Fatal Error
    WooCommerce has a nice feature when it comes to WordPress Error 500 / Fatal Error – it logs the error and all the information regarding it inside the WooCommerce Status > Logs > Fatal Errors area. My problem is that sometimes these errors occur in the backend, so they may not trigger the WordPress built-in […]

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli

14 thoughts on “WooCommerce: Fix “Sorry, This File Type Is Not Permitted for Security Reasons” For Downloadable Products

  1. Great help! Somehow I read over a few tingies I gues. Finally get everything working the way you intended when writing the code! Thanks! But now I stumble across a new problem selling downloadable maps on our site. Everything works great when adding to cart and paying but ….

    Then the invoice and download link, keep persisting giving an error ‘Invalid download link. Return to shop’. Been trying to figure it out all day and yesterday evening, it sees to be an error that e few woocommerce users have but I can’t seem to find a real solution. Tried most but re-installing the entire site … De-activated all plug-ins with no luck. It seems Woocommerce doesn’y give out a valid downloadable link … also the purchase of the downloads does not show up in the Download list (even tough the invoices are there, with download links)

    Do you have any idea??? Getting desperate …
    Kind regards,
    Benjamin

    1. What is the file extension?

  2. Hey, I have successfully changed the file type for the downloadable file, but since it’s been updated it’s not showing the option to download the file on email which sends after order processing. Any idea why that would be?

    Thanks in advance.

    1. Not 100% sure. Did you change file name since?

  3. Hello,
    Looking for tutorials on how to be able to sell dowloadable .KML & .KMZ files for our metal detecting club. I stumbled over your site and, using your lessons, I’ve came up with this:

     
    add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );
     
    function bbloomer_custom_mime_types( $mimes ) {
       if ( current_user_can( 'manage_woocommerce' ) ) {
          $mimes['kml'] = 'application/vnd.google-earth.kml+xml; application/google-earth.kml+xml; application/xml';
          $mimes['kmz'] = 'application/vnd.google-earth.kml+xml; application/google-earth.kml+xml; application/xml';
       }
       return $mimes;
    }
     
    add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );
     
    function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
        if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
          return $data;
        }
        $wp_file_type = wp_check_filetype( $filename, $mimes );
        if ( 'kmz' === $wp_file_type['ext'] ) {
          $data['ext']  = 'kmz';
          $data['type'] = 'text/plain';
        } elseif ( 'kml' === $wp_file_type['ext'] ) {
          $data['ext']  = 'kml';
          $data['type'] = 'text/plain';
        }
        return $data;
    }
    
    

    But now I'm still not allowed to use the kml/kmz files. So big question for me is where the heck did I go wrong?
    Kind regards and thanks for a great tutorial site!
    Benjamin

    1. Couple of things. Try using ‘application/vnd.google-earth.kml+xml’ only in the first part (source). Also, in the second snippet, both $data[‘type’] also need to match what you’ve entered in the first snippet! Let me know

      1. Hello,
        Feeling stupid as … ! why can’t I get this simple snippet to work. Been testing and trying but always the same result … a list of allowed file types but still excluding the wanted KML file ….
        Am not sure what you meant only using the ‘application …’ in the source part?
        Like I said, been testing and trying untill my site came upp with a critical error after installling Waymark (Wanted to see what made that work). Fortunately it works again but also removed the last version I tried, that also didn’t do the trick

        add_filter( 'upload_mimes', 'bbloomer_custom_mime_types' );
         
        function bbloomer_custom_mime_types( $mimes ) {
           if ( current_user_can( 'manage_woocommerce' ) ) {
              $mimes['kml'] = 'application/vnd.google-earth.kml+xml';
              $mimes['kmz'] = 'application/vnd.google-earth.kmz';\
           }
           return $mimes;
        }
         
        add_filter( 'wp_check_filetype_and_ext', 'bbloomer_correct_filetypes', 10, 5 );
         
        function bbloomer_correct_filetypes( $data, $file, $filename, $mimes, $real_mime ) {
            if ( ! empty( $data['ext'] ) && ! empty( $data['type'] ) ) {
              return $data;
            }
            $wp_file_type = wp_check_filetype( $filename, $mimes );
            if ( 'kml' === $wp_file_type['ext'] ) {
              $data['ext']  = 'kml';
              $data['type'] = 'application/vnd.google-earth.kml+xml';
            } elseif ( 'kmz' === $wp_file_type['ext'] ) {
              $data['ext']  = 'kmz';
              $data['type'] = 'application/vnd.google-earth.kmz';
            }
            return $data;
        }

        It was this that made the error btw ….
        At least I’ve got the posting here right this time ๐Ÿ˜‰

        What is your hourly rate so you can solve the selling of the KML files for my club? Maybe the easiest for the both of us … ๐Ÿ˜›

        1. Hey Ben!

          You’ve got a left over slash at the end here:

          $mimes['kmz'] = 'application/vnd.google-earth.kmz';\

          Try remove that

          1. Good morning to you,
            It caused the error but correcting it didn’t do the trick solving it. I still can’t pick a KML or KMZ file.

            I’ve also tried to add the line

            define( 'ALLOW_UNFILTERED_UPLOADS', true );

            to my config file, so that I could try to download the KML file and picking it in the media library. The uppload worked when in my media library (off course) but still can’t choose the file in Woocommerce …

            1. Made it work but …
              I’ve added

              //Added Benjamin//
              			'kml'						   => 'application/vnd.google-earth.kml+xml',
                    		'kmz'						   => 'application/vnd.google-earth.kmz',

              to the functions.php file in the wp-includes map after finding this post.
              “For KML/KMZ files to be properly supported, you’ll have to use text/xml and application/zip instead, because WordPress compares the declared MIME type to the ‘real’ detected MIME type (see function wp_check_filetype_and_ext in wp-includes/functions.php for more details)”
              So i think it isn’t the proper way since it will be gone by the next update

              1. Yes, that will be overwritten next time you update WordPress. That same function, however, has a filter:

                apply_filters( 'wp_check_filetype_and_ext', compact( 'ext', 'type', 'proper_filename' ), $file, $filename, $mimes, $real_mime );

                That means you can edit the contents without overriding core files. Maybe the solution is there – let me know!

                1. Where should i put that line? Should I put it together with the two previous lines in my child functions then?

                  1. Sorry for the delay Ben. Can you paste here the whole wp_check_filetype_and_ext() with the code you added, so I can give you back a snippet?

                    1. Thanks Ben. I’ve actually tried again your code as per https://www.businessbloomer.com/woocommerce-fix-sorry-file-type-not-permitted/#comment-484406 and I can definitely upload a KML file as a WooCommerce product download. No error whatsoever (once you remove that slash we were talking about).

                      If you can’t upload KML files when that snippet is active, there is something at server level that is blocking the upload. Please talk to your hosting and see what they say.

                      Also, try disabling ALL plugins but WooCommerce and try again, that would exclude plugin conflicts. Let me know

Questions? Feedback? Customization? Leave your comment now!
_____

If you are writing code, please wrap it like so: [php]code_here[/php]. Failure to complying with this, as well as going off topic or not using the English language will result in comment disapproval. You should expect a reply in about 2 weeks - this is a popular blog but I need to get paid work done first. Please consider joining the Business Bloomer Club to get quick WooCommerce support. Thank you!

Your email address will not be published. Required fields are marked *