This article describes the allowed file types of WordPress File Upload plugin.

After update of WordPress File Upload plugin to version 3.9.0, or newer, many users are getting an error “Upload failed! File not allowed.” which did not occur before.


This is caused by the new security policy of WordPress File Plugin, which affected the file types allowed to be uploaded. The change of policy occurred so that websites are better protected against hacking attempts, such as arbitrary file uploads.

According to the new policy, the default value *.* in Allowed File Extensions option of the plugin will not allow all file types to be uploaded, but only specific ones. As a best practice, administrators are strongly encouraged to define specific lists of allowed file types (whitelists) instead of leaving the generic *.* option.


However, even if administrators define a specific list of file extensions, it is not certain that all will be allowed. This is because the plugin keeps a list of forbidden file extensions (blacklist) and will check first if any of the specified extensions is in the blacklist and if yes it will reject them.

To find out if a specific file extension is allowed by default, or needs to be explicitly defined through Allowed File Extensions option or it is forbidden, type it in the textbox below and press Check button.


Allowed File Types of WordPress File Upload Plugin

20 thoughts on “Allowed File Types of WordPress File Upload Plugin

  • Hi,

    I’m using the free version and considering pro version I have this issue:

    I can’t modify the allowed types. If I try for example: “*.*,*.png” or even: “*.png”. It still gives me error.

    Also the “CHECK” button on this page doesn’t do anything.

    Kind regards


    1. Hi, first of all there is no need to declare *.png, because it is included in the allowed file extensions already (the *.* pattern). So, the problem is somewhere else. Do the files you are trying to upload contain more than one dot (.) in their filenames?



  • Thanks for the fantastic plugin!

    Managed to get most of my files to work once added to the whitelist, but having trouble with *.ld files (lower case “L”). These are files spooled by race telemetry applications and sensors. We can upload them in .rar format but any particular reason these are natively prevented?

    1. Hi, .ld files are included in the blacklist, because they may contain executable code. Nevertheless there is a way to add an exclusion. Please do the following:

      1. Go to Dashboard / Settings / WordPress File Upload / Hooks and add a new Hook.
      2. Give it any title you want.
      3. Put the following code in the Code box:

      global $wfu_extension_blacklist;
      if ( isset($wfu_extension_blacklist["ld"]) ) unset($wfu_extension_blacklist["ld"]);

      4. Set Status to Active and Save.
      5. Add extension *.ld to the list of Allowed File Extensions of the shortcode.

      You are done.



      1. Is Hooks and add new a new Hook only availble in the PRO?
        I’d like to gain access to the blacklist on my server.

        I’m trying to add a .ino file or a .py file


        1. Yes Hooks is a feature of the Pro version, however you can gain access to the blacklist and customize it by adding the following code at the end of functions.php file of your theme:

          global $wfu_extension_blacklist;
          if ( isset($wfu_extension_blacklist["ino"]) ) unset($wfu_extension_blacklist["ino"]);
          if ( isset($wfu_extension_blacklist["py"]) ) unset($wfu_extension_blacklist["py"]);



          1. I tried adding to the end of functions.php of my theme, and also at the wfu_functions.php. But still the upload of exe and zip files comes back with “not allowed”.

            What am I missing (free version of the plugin)

            global $wfu_extension_blacklist;
            if ( isset($wfu_extension_blacklist[“exe”]) ) unset($wfu_extension_blacklist[“exe”]);
            if ( isset($wfu_extension_blacklist[“zip”]) ) unset($wfu_extension_blacklist[“zip”]);

          2. Sorry, I forgot to mention, you also need to set Allowed File Extensions in the shortcode accordingly, e.g. it should be *.*, *.exe, *.zip


      2. I get “Hook has been saved but cannot be activated because the code contains errors. Please check its syntax.” error when adding this into a new hook. What gives?

        1. Go to Settings and activate option “ModSecurity Restrictions”. Then go back to the hook and activate it. Maybe this will fix the problem.


      1. Hi, go to Advanced tab in plugin’s area in Dashboard, locate option Wildcard Asterisk Mode and set it to loose. This will allow files with many dots.



  • The issue I’m having is that file types that have a “-” in them or a “_” or a space or don’t have a file extension are all not allowed. This is a problem because smartphones automatically add many of those characters. e.g.” file-name.jpg”, “file_name.jpeg”, “file name.jpg” or “filename” all do not work for me.

Leave a Reply

Your email address will not be published. Required fields are marked *