How to allow additional file type uploads in WordPress

AppIcon76x76@2xYou can upload a lot with the WordPress Media Uploader, but depending on the file extension the system will not allow everything on your server by default – for security reasons. ZIP files and PDFs are fine, but something more obscure – particularly non-standard extensions or executable files – are not. I like it that way too!

One way around this limitation is to simply ZIP up your obscure file and upload the archive – but that’s not always an option. Besides, you may need your file to be openable directly.

In this article I’ll show you how to add additional file extensions to WordPress so that they can be uploaded with the Media Uploader.

Screen Shot 2015-01-07 at 11.54.45

Principle

WordPress takes care of allowed file extensions in an array of MIME Types. Those are comprised of a type and a subtype (for example, text/html or image/jpeg). Here’s a list of MIME Types commonly in use:

When in doubt about your file type, text/plain is a good starting point. In this example I’ll add the .brush file extension because I wanted to share some Procreate Brushes, and iPad visitors should be able to open them directly in Procreate when they hit my link.

Adding File Types

We’ll setup a function which adds our file extension to the existing array of mime types, then let WordPress call this function with a filter. Add this code to your theme’s functions.php file, or anywhere in your plugin:

function allow_personal_uploads ( $existing_mimes=array() ) {
 
// add your own extension here - as many as you like
$existing_mimes['brush'] = 'text/plain'; 
 
// return amended array
return $existing_mimes;
}

// call our function when appropriate
add_filter('upload_mimes', 'allow_personal_uploads');

It’s always wise to prefix such functions with your own initials or known prefix (like prefix_allow_personal_uploads). This avoids potential duplicate functions and conflicts with WordPress and existing plugins.

That’s it – .brush files are now allowed by the Media Uploader.

Removing File Types

With the same principle we can also disallow certain file types to be uploaded. For example, GIF files are allowed by default, but we can remove them if we wish:

function disallow_personal_uploads ( $existing_mimes=array() ) {
 
// remove GIF files
unset ($existing_mimes['gif']); 
 
// return amended array
return $existing_mimes;
}

// call our function when appropriate
add_filter('upload_mimes', 'disallow_personal_uploads');

No more GIF uploads.

Multisite Considerations

To make your new file extensions available on Multisite Installations, you need to add those under Network Admin – Settings – Network Settings – Upload Settings. There’s a text box there with default values, just add yours at the end, separated from the rest with a space:

Screen Shot 2015-01-07 at 12.29.42

No need to remove any here, they simply won’t be allowed when users try to upload extensions you’ve forbidden by using the upload_mimes filter.

Further Reading





Jay is the CEO and founder of WP Hosting, a boutique style managed WordPress hosting and support service. He has been working with Plesk since version 9 and is a qualified Parallels Automation Professional. In his spare time he likes to develop iOS apps and WordPress plugins, or draw on tablet devices. He blogs about his coding journey at http://wpguru.co.uk and http://pinkstone.co.uk.