This is an UPDATE to snuff out all the whiny people that have been complaining about how this?‘old school fix’ isn’t the right way. When I wrote this it was around 5 years ago before wordpress had any nifty ways to get around this and before there were any cool plugins to solve the issue.
New ways
Thanks to @mikes comment… you can add this into your themes functions.php file which will allow text/x-vcard
add_filter(?upload_mimes?,'add_vcard_upload_support?));
function add_vcard_upload_support($mimes) {
$mimes['vcf|vcard'] = ?text/x-vcard?;
return $mimes;
Or you can just install a plugin like: http://wordpress.org/extend/plugins/pjw-mime-config/
Old way
Here’s how to fix the “WordPress File Type does not meet security guidelines” error you get from trying to upload certain files.
First find out what the mime type of the file you were trying to upload is. You can go to w3schools or mozdev
Write down the file type ie: (application/x-shockwave-flash, or video/x-m4v) you also need the extension ie: (swf or m4v)
For WP 2.0 and up open up the wp-includes/functions.php file and goto around line 1069 All you have to do is follow the coding conventions in there and add your file types you want. Because they use a foreach loop to go through all the listed file types you can add as many as you like as long as they follow the convention there. For older versions of WP I think the correct file is: wp-admin/admin-functions.php
Look for this:
function wp_check_filetype($filename, $mimes = null) {
// Accepted MIME types are set here as PCRE unless provided.
$mimes = is_array($mimes) ? $mimes : apply_filters('upload_mimes', array (
'vcf' => 'text/x-vcard',
'jpg|jpeg|jpe' => 'image/jpeg',
??'gif' => 'image/gif',
??'png' => 'image/png',
??'bmp' => 'image/bmp',
??'tif|tiff' => 'image/tiff',
Hi Darren
This is a possible fix, but it doesn’t make upgrading easier. You will have to backup your changes and apply them again after upgrading.
To my opinion, the pjw-mime-config is a more robust solution.
Also see http://blog.coomanskristof.be/2006/10/24/wordpress-upload-file-type-security-restrictions/
It’s always good to have more than one way to fix a problem! Thanks for the link Kristof.
Depending on the type of file you want to make available, you can also provide it as a ZIP file for download.
WordPress wouldn’t let me upload Photoshop actions or setting files, but once they were in a ZIP file they uploaded, displayed in “Browse All” and downloaded fine.
Obviously this is not a solution for things like videos that you want to display directly on your page, but since I found your blog while trying to solve this particular problem, I wanted to add it to the list.
@Louis
That is a possible fix for sure… but like you said I do a lot of video stuff and that was the reason I posted this, cause it’s really easy to fix and you don’t have to add any plugins… Thanks Louis.
I tried the PJW plugin for a while, but dropped that thing like a hot potato after it filled the blog options table with tens of thousands of duplicate entries containing those mimetypes.
@Ian B… I wonder if that plugin was broken after upgrading wordpress? I like my own code… means I know wtf is going on.
I tried the PJW plugin for a while, but dropped that thing like a hot potato after it filled the blog options table with tens of thousands of duplicate entries containing those mimetypes….
Where do you find the “wp-includes/functions.php file”
@New Blogger If you only have a yoursite.dreamhost.com blog I don’t think you can modify this file… you have to manage your own hosting and install wordpress manually or through your web host to be able to mod this file. If you download wordpress from http://wordpress.org then you can find the file I’m talking about.
Hi Darren:
I’m sure you are not aware but you are doing your readers and the WordPress community a huge disservice with this post. You should never recommend that readers modify core WordPress code because it will be wiped out when they upgrade. This can have a chilling effect; WordPress users who follow your advice will become afraid to upgrade later because when they do upgrade their WordPress will “break” in their eyes and it will give them a bad taste in their mouth. And they won’t blame you, they’ll blame WordPress!
Instead you really should really always recommend they use a WordPress hook and put it in their theme’s functions.php file. Here’s an example that adds vCard support:
add_filter(‘upload_mimes’,'add_vcard_upload_support’));
function add_vcard_upload_support($mimes) {
$mimes['vcf|vcard'] = ‘text/x-vcard’;
return $mimes;
Hopefully you can update your post so and remove the recommendation to modify WordPress core to make sure nobody decides to do so in the future?
Hope this helps.
-Mike
@Mike thanks for the suggestion… I think when I wrote this WordPress was at about version 1.0 so things have changed since then.