Hack: Fixing the “Security Reasons” Media Upload Bug

There are lots of people complaining about trying to upload media to WordPress and getting a “Not Permitted For Security Reasons” error message. Sounds pretty serious, but what it actually means is that the file type is not on a list of allowed file types for upload. So if you are trying to upload an audio .m4a file, like I was this week, it doesn’t mean m4a files are security risks, just that the file type isn’t on the list of allowed types.

So, how to fix. Lots of people post about adding a line to your config file to allow uploads without filtering. This didn’t work for me. What did work was to add a bit of code to my functions.php file to add the file type to the list. You need to use the file extension and also the MIME type for the file. Servers understand MIME types. So if you don’t know the MIME type for a file, do a Google search like “MIME type m4a” and you usually find it pretty quickly. Here is my code to allow m4a files.

add_action('upload_mimes', 'enable_mimes');
function enable_mimes ($mimes = array()) {
	$mimes['m4a'] = 'audio/x-m4a';
	return $mimes;

Note that I originally guessed that the MIME type would be audio/m4a, but I was wrong. And WordPress (and my server) weren’t having it. So it is important to get those MIME types right!

One Reply to “Hack: Fixing the “Security Reasons” Media Upload Bug”

Leave a Reply

Your email address will not be published. Required fields are marked *