WordPress 4.7.1/4.7.2 Changes to Mime Types
In the security patch for WordPress 4.7.1 which was released in January 2017, a change to the way WordPress checks the file “mime type” for uploads was made, which may cause an error on uploads for some file types (specifically non-image files). Some users, especially those using custom plugins to add additional file types to the ones WordPress allows by default found here may experience an error when uploading:
“filename” has failed to upload.
Sorry, this file type is not permitted for security reasons.
Solution
There are a couple ways to fix this error:
- Add this line to the wp-config.php file, which allows the non-image uploads for administrators only: define( ‘ALLOW_UNFILTERED_UPLOADS’, true );
- Use a plugin that restores this ability, like this one: https://wordpress.org/plugins/disable-real-mime-check/
- Upload the files using SFTP instead
NOTE: we do NOT encourage or support downgrading WordPress to fix this issue, as the security patches for earlier versions of WordPress also contain this change.