This article describes the allowed file types of WordPress File Upload plugin.

After update of WordPress File Upload plugin to version 3.9.0, or newer, many users are getting an error “Upload failed! File not allowed.” which did not occur before.

screenshot102

This is caused by the new security policy of WordPress File Plugin, which affected the file types allowed to be uploaded. The change of policy occurred so that websites are better protected against hacking attempts, such as arbitrary file uploads.

According to the new policy, the default value *.* in Allowed File Extensions option of the plugin will not allow all file types to be uploaded, but only specific ones. As a best practice, administrators are strongly encouraged to define specific lists of allowed file types (whitelists) instead of leaving the generic *.* option.

screenshot103

However, even if administrators define a specific list of file extensions, it is not certain that all will be allowed. This is because the plugin keeps a list of forbidden file extensions (blacklist) and will check first if any of the specified extensions is in the blacklist and if yes it will reject them.

To find out if a specific file extension is allowed by default, or needs to be explicitly defined through Allowed File Extensions option or it is forbidden, type it in the textbox below and press Check button.



 

Allowed File Types of WordPress File Upload Plugin

14 thoughts on “Allowed File Types of WordPress File Upload Plugin

  • Hi,

    I’m using the free version and considering pro version I have this issue:

    I can’t modify the allowed types. If I try for example: “*.*,*.png” or even: “*.png”. It still gives me error.

    Also the “CHECK” button on this page doesn’t do anything.

    Kind regards

    B

    1. Hi, first of all there is no need to declare *.png, because it is included in the allowed file extensions already (the *.* pattern). So, the problem is somewhere else. Do the files you are trying to upload contain more than one dot (.) in their filenames?

      Regards

      Nickolas

  • Thanks for the fantastic plugin!

    Managed to get most of my files to work once added to the whitelist, but having trouble with *.ld files (lower case “L”). These are files spooled by race telemetry applications and sensors. We can upload them in .rar format but any particular reason these are natively prevented?

    1. Hi, .ld files are included in the blacklist, because they may contain executable code. Nevertheless there is a way to add an exclusion. Please do the following:

      1. Go to Dashboard / Settings / WordPress File Upload / Hooks and add a new Hook.
      2. Give it any title you want.
      3. Put the following code in the Code box:

      global $wfu_extension_blacklist;
      if ( isset($wfu_extension_blacklist["ld"]) ) unset($wfu_extension_blacklist["ld"]);

      4. Set Status to Active and Save.
      5. Add extension *.ld to the list of Allowed File Extensions of the shortcode.

      You are done.

      Regards

      Nickolas

      1. Hi, go to Advanced tab in plugin’s area in Dashboard, locate option Wildcard Asterisk Mode and set it to loose. This will allow files with many dots.

        Regards

        Nickolas

  • The issue I’m having is that file types that have a “-” in them or a “_” or a space or don’t have a file extension are all not allowed. This is a problem because smartphones automatically add many of those characters. e.g.” file-name.jpg”, “file_name.jpeg”, “file name.jpg” or “filename” all do not work for me.

Leave a Reply

Your email address will not be published. Required fields are marked *