John Reed
github twitter
Modify WordPress file type restrictions
Feb 15, 2014
3 minutes read

By default, WordPress is configured to allow you to upload only certain types of files; if you want to upload some source code contained in a text file with a .cpp or .py extension, for instance, WordPress won’t let you do it. Supposedly this is done because the WordPress developers believe that files that by default are allowed to be uploaded to WordPress can’t be exploited (but others might potentially be exploitable).

The file types that WordPress permits you to upload are specified in /wp-includes/functions.php. Using the existing entries as a template, add any file types not already on the list. For instance, if you want the ability to upload C++ and Python code without having to change the file extension to something else, you could modify the line in functions.php with

'txt|asc|c|cc|h' => 'text/plain',

to include .cpp and .py file extensions like so:

'txt|asc|c|cc|h|cpp|py' => 'text/plain',

A list of MIME types (on the right side of the =>) is available from here. The MIME (Multipurpose Internet Mail Extension) type is used to describe the content type of the files that are uploaded.

The original function:

/**
 * Retrieve list of mime types and file extensions.
 *
 * @since 3.5.0
 *
 * @uses apply_filters() Calls 'mime_types' on returned array. This filter should
 * be used to add types, not remove them. To remove types use the upload_mimes filter.
 *
 * @return array Array of mime types keyed by the file extension regex corresponding to those types.
 */
function wp_get_mime_types() {
    // Accepted MIME types are set here as PCRE unless provided.
    return apply_filters( 'mime_types', array(
    // Image formats
    'jpg|jpeg|jpe' => 'image/jpeg',
    'gif' => 'image/gif',
    'png' => 'image/png',
    'bmp' => 'image/bmp',
    'tif|tiff' => 'image/tiff',
    'ico' => 'image/x-icon',
    // Video formats
    'asf|asx' => 'video/x-ms-asf',
    'wmv' => 'video/x-ms-wmv',
    'wmx' => 'video/x-ms-wmx',
    'wm' => 'video/x-ms-wm',
    'avi' => 'video/avi',
    'divx' => 'video/divx',
    'flv' => 'video/x-flv',
    'mov|qt' => 'video/quicktime',
    'mpeg|mpg|mpe' => 'video/mpeg',
    'mp4|m4v' => 'video/mp4',
    'ogv' => 'video/ogg',
    'webm' => 'video/webm',
    'mkv' => 'video/x-matroska',
    // Text formats
    'txt|asc|c|cc|h' => 'text/plain',
    'csv' => 'text/csv',
    'tsv' => 'text/tab-separated-values',
    'ics' => 'text/calendar',
    'rtx' => 'text/richtext',
    'css' => 'text/css',
    'htm|html' => 'text/html',
    // Audio formats
    'mp3|m4a|m4b' => 'audio/mpeg',
    'ra|ram' => 'audio/x-realaudio',
    'wav' => 'audio/wav',
    'ogg|oga' => 'audio/ogg',
    'mid|midi' => 'audio/midi',
    'wma' => 'audio/x-ms-wma',
    'wax' => 'audio/x-ms-wax',
    'mka' => 'audio/x-matroska',
    // Misc application formats
    'rtf' => 'application/rtf',
    'js' => 'application/javascript',
    'pdf' => 'application/pdf',
    'swf' => 'application/x-shockwave-flash',
    'class' => 'application/java',
    'tar' => 'application/x-tar',
    'zip' => 'application/zip',
    'gz|gzip' => 'application/x-gzip',
    'rar' => 'application/rar',
    '7z' => 'application/x-7z-compressed',
    'exe' => 'application/x-msdownload',
    // MS Office formats
    'doc' => 'application/msword',
    'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
    'wri' => 'application/vnd.ms-write',
    'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
    'mdb' => 'application/vnd.ms-access',
    'mpp' => 'application/vnd.ms-project',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'docm' => 'application/vnd.ms-word.document.macroEnabled.12',
    'dotx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.template',
    'dotm' => 'application/vnd.ms-word.template.macroEnabled.12',
    'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'xlsm' => 'application/vnd.ms-excel.sheet.macroEnabled.12',
    'xlsb' => 'application/vnd.ms-excel.sheet.binary.macroEnabled.12',
    'xltx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.template',
    'xltm' => 'application/vnd.ms-excel.template.macroEnabled.12',
    'xlam' => 'application/vnd.ms-excel.addin.macroEnabled.12',
    'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
    'pptm' => 'application/vnd.ms-powerpoint.presentation.macroEnabled.12',
    'ppsx' => 'application/vnd.openxmlformats-officedocument.presentationml.slideshow',
    'ppsm' => 'application/vnd.ms-powerpoint.slideshow.macroEnabled.12',
    'potx' => 'application/vnd.openxmlformats-officedocument.presentationml.template',
    'potm' => 'application/vnd.ms-powerpoint.template.macroEnabled.12',
    'ppam' => 'application/vnd.ms-powerpoint.addin.macroEnabled.12',
    'sldx' => 'application/vnd.openxmlformats-officedocument.presentationml.slide',
    'sldm' => 'application/vnd.ms-powerpoint.slide.macroEnabled.12',
    'onetoc|onetoc2|onetmp|onepkg' => 'application/onenote',
    // OpenOffice formats
    'odt' => 'application/vnd.oasis.opendocument.text',
    'odp' => 'application/vnd.oasis.opendocument.presentation',
    'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
    'odg' => 'application/vnd.oasis.opendocument.graphics',
    'odc' => 'application/vnd.oasis.opendocument.chart',
    'odb' => 'application/vnd.oasis.opendocument.database',
    'odf' => 'application/vnd.oasis.opendocument.formula',
    // WordPerfect formats
    'wp|wpd' => 'application/wordperfect',
    // iWork formats
    'key' => 'application/vnd.apple.keynote',
    'numbers' => 'application/vnd.apple.numbers',
    'pages' => 'application/vnd.apple.pages',
    ) );
}

Back to posts


comments powered by Disqus