What this problem is
WordPress blocks uploading SVG or specific formats with an error like: Sorry, this file type is not permitted for security reasons.
Why it happens
- WordPress restricts MIME types by default
- Host security rules may block certain file types
- SVG can contain scripts, so it is higher risk
Prerequisites
- Admin access
- Ability to install a trusted plugin or add a small snippet (advanced)
Diagnosis
Confirm which file type is blocked and whether the restriction applies to all users or only non-admin users.
Detailed steps
Step 1) Use a trusted SVG upload solution
Prefer a well-maintained plugin that sanitizes SVGs before upload.
Step 2) Restrict who can upload risky formats
Limit SVG uploads to administrators and trusted editors.
Step 3) Validate sanitization
Ensure SVGs are sanitized (remove scripts) to prevent XSS.
Expected results
- Uploads succeed and site remains secure
What to do if it fails
- If the host blocks the MIME type at WAF level, request an exception for your account
Best practices
- Prefer WebP/PNG where possible; only allow SVG with sanitization and least privilege